Skip to content
Log In

II - Mission Support Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Windows Server 2022 insecure logons to an SMB server must be disabled.

    Insecure guest logons allow unauthenticated access to shared folders. Shared resources on a system must require authentication to establish proper access.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Windows Server 2022 hardened Universal Naming Convention (UNC) paths must be defined to require mutual authentication and integrity for at least the \\*\SYSVOL and \\*\NETLOGON shares.

    Additional security requirements are applied to UNC paths specified in hardened UNC paths before allowing access to them. This aids in preventing tampering with or spoofing of connections to these ...
    Rule Medium Severity
    Show

  • SRG-OS-000042-GPOS-00020

    Group
    Show

  • Windows Server 2022 command line data must be included in process creation events.

    Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. A...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Windows Server 2022 must be configured to enable Remote host allows delegation of nonexportable credentials.

    An exportable version of credentials is provided to remote hosts when using credential delegation which exposes them to theft on the remote host. Restricted Admin mode or Remote Credential Guard al...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Windows Server 2022 virtualization-based security must be enabled with the platform security level configured to Secure Boot or Secure Boot with DMA Protection.

    Virtualization Based Security (VBS) provides the platform for the additional security features Credential Guard and virtualization-based protection of code integrity. Secure Boot is the minimum sec...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Windows Server 2022 Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers identified as bad.

    Compromised boot drivers can introduce malware prior to protection mechanisms that load after initialization. The Early Launch Antimalware driver can limit allowed drivers based on classifications ...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Windows Server 2022 group policy objects must be reprocessed even if they have not changed.

    Registry entries for group policy settings can potentially be changed from the required configuration. This could occur as part of troubleshooting or by a malicious process on a compromised system....
    Rule Medium Severity
    Show

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • Windows Server 2022 downloading print driver packages over HTTP must be turned off.

    Some features may communicate with the vendor, sending system information or downloading data or components for the feature. Turning off this capability will prevent potentially sensitive informati...
    Rule Medium Severity
    Show

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • Windows Server 2022 printing over HTTP must be turned off.

    Some features may communicate with the vendor, sending system information or downloading data or components for the feature. Turning off this capability will prevent potentially sensitive informati...
    Rule Medium Severity
    Show

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • Windows Server 2022 network selection user interface (UI) must not be displayed on the logon screen.

    Enabling interaction with the network selection UI allows users to change connections to available networks without signing in to Windows.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (on battery).

    A system that does not require authentication when resuming from sleep may provide access to unauthorized users. Authentication must always be required when accessing a system. This setting ensures...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (plugged in).

    A system that does not require authentication when resuming from sleep may provide access to unauthorized users. Authentication must always be required when accessing a system. This setting ensures...
    Rule Medium Severity
    Show

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • Windows Server 2022 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.

    Some features may communicate with the vendor, sending system information or downloading data or components for the feature. Turning off this capability will prevent potentially sensitive informati...
    Rule Low Severity
    Show

  • SRG-OS-000368-GPOS-00154

    Group
    Show

  • Windows Server 2022 Autoplay must be turned off for nonvolume devices.

    Allowing AutoPlay to execute may introduce malicious code to a system. AutoPlay begins reading from a drive as soon as media is inserted into the drive. As a result, the setup file of programs or m...
    Rule High Severity
    Show

  • SRG-OS-000368-GPOS-00154

    Group
    Show

  • Windows Server 2022 default AutoRun behavior must be configured to prevent AutoRun commands.

    Allowing AutoRun commands to execute may introduce malicious code to a system. Configuring this setting prevents AutoRun commands from executing.
    Rule High Severity
    Show

  • SRG-OS-000368-GPOS-00154

    Group
    Show

  • Windows Server 2022 AutoPlay must be disabled for all drives.

    Allowing AutoPlay to execute may introduce malicious code to a system. AutoPlay begins reading from a drive as soon media is inserted into the drive. As a result, the setup file of programs or musi...
    Rule High Severity
    Show

  • SRG-OS-000134-GPOS-00068

    Group
    Show

  • Windows Server 2022 administrator accounts must not be enumerated during elevation.

    Enumeration of administrator accounts when elevating can provide part of the logon information to an unauthorized user. This setting configures the system to always require users to type in a usern...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Windows Server 2022 Diagnostic Data must be configured to send "required diagnostic data" or "optional diagnostic data".

    Some features may communicate with the vendor, sending system information or downloading data or components for the feature. Limiting this capability will prevent potentially sensitive information ...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Windows Server 2022 Windows Update must not obtain updates from other PCs on the internet.

    Windows Update can obtain updates from additional sources instead of Microsoft. In addition to Microsoft, updates can be obtained from and sent to PCs on the local network as well as on the interne...
    Rule Low Severity
    Show

  • SRG-OS-000341-GPOS-00132

    Group
    Show

  • Windows Server 2022 Application event log size must be configured to 32768 KB or greater.

    Inadequate log size will cause the log to fill up quickly. This may prevent audit events from being recorded properly and require frequent attention by administrative personnel.
    Rule Medium Severity
    Show

  • SRG-OS-000341-GPOS-00132

    Group
    Show

  • Windows Server 2022 Security event log size must be configured to 196608 KB or greater.

    Inadequate log size will cause the log to fill up quickly. This may prevent audit events from being recorded properly and require frequent attention by administrative personnel.
    Rule Medium Severity
    Show

  • SRG-OS-000341-GPOS-00132

    Group
    Show

  • Windows Server 2022 System event log size must be configured to 32768 KB or greater.

    Inadequate log size will cause the log to fill up quickly. This may prevent audit events from being recorded properly and require frequent attention by administrative personnel.
    Rule Medium Severity
    Show

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • Windows Server 2022 Microsoft Defender antivirus SmartScreen must be enabled.

    Microsoft Defender antivirus SmartScreen helps protect systems from programs downloaded from the internet that may be malicious. Enabling SmartScreen can block potentially malicious programs or war...
    Rule Medium Severity
    Show

  • SRG-OS-000433-GPOS-00192

    Group
    Show

  • Windows Server 2022 Explorer Data Execution Prevention must be enabled.

    Data Execution Prevention provides additional protection by performing checks on memory to help prevent malicious code from running. This setting will prevent Data Execution Prevention from being t...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Windows Server 2022 Turning off File Explorer heap termination on corruption must be disabled.

    Legacy plug-in applications may continue to function when a File Explorer session has become corrupt. Disabling this feature will prevent this.
    Rule Low Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules