WN19-00-000290 – Windows Server 2019 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP) – CNDSP.

Details

Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws. The operating system may have an integrated solution incorporating continuous scanning using ESS and periodic scanning using other tools.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a DoD-approved ESS software and ensure it is operating continuously.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2019_V2R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.

References

800-53|SI-2(2)
CAT|II
CCI|CCI-001233
Rule-ID|SV-205728r793217_rule
STIG-ID|WN19-00-000290
STIG-Legacy|SV-103653
STIG-Legacy|V-93567
Vuln-ID|V-205728

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles