WN12-00-000012 – Shared user accounts must not be permitted on the system.
Details Shared accounts (accounts where two or more people log in with the same user identification) do not provide adequate...
- Home
- Security Hardening
- DISA Windows Server 2012 And 2012 R2 DC STIG V3R3
DISA Windows Server 2012 And 2012 R2 DC STIG V3R3
WN12-00-000017 – System-related documentation must be backed up in accordance with local recovery time and recovery point objectives.
Details Operating system backup is a critical step in maintaining data assurance and availability. Information system and security-related documentation contains...WN12-00-000018 – The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
Details Utilizing a whitelist provides a configuration management method for allowing the execution of only authorized software. Using only authorized...WN12-00-000019 – Protection methods such as TLS, encrypted VPNs, or IPSEC must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
Details Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, for example, during aggregation, at...WN12-00-000020 – Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
Details This requirement addresses protection of user-generated data, as well as operating system-specific configuration data. Organizations may choose to employ...WN12-00-000100 – The Windows 2012 / 2012 R2 system must use an anti-virus program.
Details Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type...WN12-00-000160 – The Server Message Block (SMB) v1 protocol must be disabled on Windows 2012 R2.
Details SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be...WN12-00-000013 – Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.
Details Security configuration tools such as Group Policies and Security Templates allow system administrators to consolidate security-related system settings into...WN12-00-000014 – System-level information must be backed up in accordance with local recovery time and recovery point objectives.
Details Operating system backup is a critical step in maintaining data assurance and availability. System-level information includes system-state information, operating...WN12-00-000015 – User-level information must be backed up in accordance with local recovery time and recovery point objectives.
Details Operating system backup is a critical step in maintaining data assurance and availability. User-level information is data generated by...