Ensure ‘Impersonate a client after authentication’ is set to ‘Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE’ Details The policy setting allows programs that run on behalf of a user to impersonate that user (or another specified...
Ensure ‘Increase scheduling priority’ is set to ‘Administrators’ Details This policy setting determines whether users can increase the base priority class of a process. (It is not a...
Ensure ‘Load and unload device drivers’ is set to ‘Administrators’ Details This policy setting allows users to dynamically load a new device driver on a system. An attacker could potentially...
Ensure ‘Lock pages in memory’ is set to ‘No One’ Details This policy setting allows a process to keep data in physical memory, which prevents the system from paging the...
Ensure ‘Manage auditing and security log’ is set to ‘Administrators’ (STIG DC only) Details This policy setting determines which users can change the auditing options for files and directories and clear the Security...
Ensure ‘Maximum lifetime for service ticket’ is set to ‘600 or fewer minutes, but not 0’ (STIG DC only) Details This security setting determines the maximum amount of time (in minutes) that a granted session ticket can be used...
Ensure ‘Maximum lifetime for user ticket’ is set to ‘10 or fewer hours, but not 0’ (STIG DC only) Details This security setting determines the maximum amount of time (in hours) that a user’s ticket-granting ticket (TGT) may be...
Ensure ‘Maximum lifetime for user ticket renewal’ is set to ‘7 or fewer days’ (STIG DC only) Details This security setting determines the period of time (in days) during which a user’s ticket-granting ticket can be renewed....
Ensure ‘Maximum password age’ is set to ‘60 or fewer days, but not 0’ Details This policy setting defines how long a user can use their password before it expires. Values for this policy...
Ensure ‘Maximum tolerance for computer clock synchronization’ is set to ‘5 or fewer minutes’ (STIG DC only) Details This security setting determines the maximum time difference (in minutes) that Kerberos V5 tolerates between the time on the...