SRR Result Report - Pace



SECTION 2:

Unclassified UNTIL FILLED IN

CIRCLE ONE

FOR OFFICIAL USE ONLY (mark each page)

CONFIDENTIAL and SECRET (mark each page and each finding)

Classification is based on the classification of the system reviewed:

Unclassified System = FOUO Checklist

Confidential System = CONFIDENTIAL Checklist

Secret System = SECRET Checklist

Top Secret System = SECRET Checklist

1 SRR Result Report

| Reviewer: | | Date: | |
|---|---|---|---|
| System: | | | |

| Finding Totals: | | Comments: |
|---|---|---|
| Category I: | | |
| Category II: | | |
| Category III: | | |
| Category IV: | | |
| Total: | | |

2 Site Information

| Site: | |
|---|---|

System Administrator Information:

| Name: | |
|---|---|
| E-mail Address: | |
| Phone # (Commercial): | ( ) |
| DSN: | |

ISSO Information:

| Name: | |
|---|---|
| E-mail Address: | |
| Phone # (Commercial): | ( ) |
| DSN: | |

3 System Information

| Asset Name: | | Domain: | [ ] Standalone |
|---|---|---|---|
| Asset Description: | | | |
| [ ] Registered in VCTS | VCTS Asset ID: | | |
| TCP/IP Address(es): | | [ ] DHCP | |

Hardware

| Make: | | Model: | |
|---|---|---|---|
| Manufacturer: | | | |
| Barcode: | | Serial No.: | |
| System Location (building/room): | | | |

System Classification: [ ] UNCLASSIFIED [ ] CONFIDENTIAL [ ] SECRET [ ] TOP SECRET

Operating System(s) used on this system: [ ] Windows Server 2003 [ ] Other ________________________ [ ] ________________________ [ ] ________________________

System Role: [ ] Member Server [ ] Standalone System [ ] Domain Controller [ ] ________________

System Workload: [ ] File Server [ ] WEB Server [ ] ISA Server [ ] ________________ [ ] ________________ [ ] ________________ [ ] Other: ________________

A Γ next to a check indicates a Platinum Standard item.

A “ι” symbol appearing on a check indicates that the SRR script may return a false finding. Refer to the corresponding item in section 5 of the checklist for additional information.

4 Finding Details

Every item in this section is a manual check (the checklist's "Scrpt." column is "-" throughout, so it is omitted below). "Tool" carries the checklist's own abbreviation for where the check is performed (Admin, Expl., CMC or MMC). Status: circle F (Finding), NF (Not a Finding), NA (Not Applicable) or NR (Not Reviewed) for each item. Flag: Γ = Platinum Standard item; ι = the SRR script may return a false finding for this item (see section 5 of the checklist). Each "[ ]" is a box the reviewer ticks when that detail applies.

| Man. | Tool | Flag | Status | Details | PDI | Description | Cat. |
|---|---|---|---|---|---|---|---|
| 3.01 | Admin | | F / NF / NA / NR | | 1.001 | Physical security of the Windows Server/Workstation does not meet DISA requirements. | II |
| 3.02 | Admin | | F / NF / NA / NR | [ ] Administrators use the built-in administrator account. [ ] Personal administrator accounts are not maintained. [ ] Administrators don't have separate accounts for normal user tasks. [ ] Administrators are not properly trained. [ ] A list of all users belonging to the Administrators group is not maintained. | 1.006 | Users with Administrative privilege are not documented or do not have separate accounts for administrative duties and normal operational tasks. | II |
| 3.03 | Admin | | F / NF / NA / NR | [ ] Personal Backup Operator accounts are not maintained. [ ] Backup Operators don't have separate accounts for normal user tasks. [ ] Backup Operators are not properly trained. [ ] A list of all users belonging to the Backup Operators group is not maintained. | 1.007 | Members of the Backup Operators group do not have separate accounts for backup duties and normal operational tasks. | II |
| 3.04 | Admin | | F / NF / NA / NR | The following shared accounts exist on the local system: | 1.008 | Shared user accounts permitted on the system are not documented and justified. | II |
| 3.05 | Admin | | F / NF / NA / NR | An Auditors group, whose members can view and archive the Security Event Log, has not been created. | 1.010 | Access to the Windows Security Event Log has not been restricted to an Auditors group. | II |
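Items 3.02, 3.03 and 3.05 ask the reviewer to document the Administrators and Backup Operators groups and to confirm an Auditors group exists. The following is an added example, not part of the checklist or its SRR script: it enumerates those groups through the ADSI WinNT provider and runs on PowerShell 2.0 (installable on Windows Server 2003) or later. It assumes the site's auditing group is literally named "Auditors" (the page names the group but not its spelling on the system); nested groups are listed as one member each and are not expanded.

```powershell
# Added example (editor's code, not the checklist's script): membership lists
# for items 3.02 / 3.03 and the Auditors-group check for item 3.05.
# Assumption: the auditing group is named "Auditors" on this system.

$computer = $env:COMPUTERNAME

function Get-LocalGroupMembers {
    param([string]$GroupName)
    $group = [ADSI]"WinNT://$computer/$GroupName,group"
    # Invoke("Members") yields the member COM objects; their ADsPath and
    # Class come back through late-bound property reads.
    foreach ($m in @($group.Invoke("Members"))) {
        $path  = $m.GetType().InvokeMember("ADsPath", "GetProperty", $null, $m, $null)
        $class = $m.GetType().InvokeMember("Class",   "GetProperty", $null, $m, $null)
        New-Object PSObject -Property @{
            Group  = $GroupName
            Member = $path -replace "^WinNT://", ""   # DOMAIN/name or COMPUTER/name
            Class  = $class                           # User or Group
        }
    }
}

function Test-LocalGroupExists {
    param([string]$GroupName)
    # DirectoryEntry.Exists is the cheapest probe for a WinNT object.
    return [ADSI]::Exists("WinNT://$computer/$GroupName,group")
}

# 3.02 and 3.03: the lists the reviewer compares with the site's documentation.
$members = @()
foreach ($g in "Administrators", "Backup Operators") { $members += Get-LocalGroupMembers $g }
$members | Sort-Object Group, Class, Member | Format-Table Group, Class, Member -AutoSize

# A nested group widens membership beyond what the list shows; call it out so
# the documented list is checked against the group's real reach.
$members | Where-Object { $_.Class -eq "Group" } | ForEach-Object {
    Write-Warning ("{0} contains nested group {1}; its members are not shown above." -f $_.Group, $_.Member)
}

# 3.05: Security Event Log access is to be restricted to an Auditors group.
if (-not (Test-LocalGroupExists "Auditors")) {
    Write-Warning "No local 'Auditors' group exists (3.05, PDI 1.010)."
}
```

Run it elevated on the system under review. The nested-group warning matters for 3.02: a domain group inside local Administrators makes every member of that domain group a local administrator, so the "list of all users" the item requires must include them.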

| Man. | Tool | Flag | Status | Details | PDI | Description | Cat. |
|---|---|---|---|---|---|---|---|
| 3.06 | Admin | | F / NF / NA / NR | Audit logs are not reviewed and/or archived. | 1.029 | Audit logs are not archived or reviewed. | II |
| 3.07 | Admin | Γ | F / NF / NA / NR | [ ] The CMOS allows booting off floppy or CD-ROM devices. [ ] The CMOS is not password protected. | 1.012 | The CMOS configuration does not conform to DISA requirements. | III |
| 3.08 | Admin | | F / NF / NA / NR | [ ] Emergency system recovery data is not routinely maintained. [ ] Emergency system recovery data is not stored in a secure location. [ ] Emergency system recovery data is not kept from the time of system installation. [ ] Emergency system recovery data was not updated following the last system modification. | 1.013 | System information backups are not created, updated, and protected according to DISA requirements. | III |
| 3.09 | Admin | | F / NF / NA / NR | [ ] The site has no policy for the use of Mobile USB Disk Devices. [ ] The policy doesn't require the following: devices will be formatted with the NTFS file system; devices will have file ACLs and auditing configured in accordance with DOD requirements. | 2.017 | A local policy for the use of Mobile USB Disk Devices doesn't exist. | II |
| 3.10 | Admin | | F / NF / NA / NR | The Microsoft Security Configuration Tool Set, or other equivalent means, is not used for securing W2K3 platforms. | 1.016 | The Microsoft Security Configuration Manager (SCM) is not being used to configure platforms to compliance. | III |
| 3.11 | Admin | | F / NF / NA / NR | Active Directory is not backed up in accordance with DISA standards. (Domain Controllers) | 1.023 | The Active Directory is not being backed up according to DISA requirements. | II |
| 3.12 | Admin | | F / NF / NA / NR | The site does not use a tool to compare system files (.exe and .dll) on servers against a baseline on a weekly basis. | 1.024 | System files are not checked for unauthorized changes. | II |
| 3.13 | Admin | | F / NF / NA / NR | The computer does not require network access, and contains a NIC. | 1.026 | A computer that does not require network access has a NIC. | III |
| 3.14 | Admin | | F / NF / NA / NR | User ID and password information, and data when required, used for remote access to system services is not encrypted. | 3.061 | Unencrypted remote access is permitted to system services. | I |
| 3.15 | Admin | | F / NF / NA / NR | A server does not have a host-based intrusion detection system installed and enabled. | 1.025 | A Server does not have a host-based Intrusion Detection System. | II |

| Man. | Tool | Flag | Status | Details | PDI | Description | Cat. |
|---|---|---|---|---|---|---|---|
| 5.02.1 | Expl. | | F / NF / NA / NR | [ ] Service Pack ________ is installed. [ ] No service pack is installed. | 2.005 | The required Windows service pack is not installed. | II |
| 5.02.2 | Expl. | Γ | F / NF / NA / NR | The following files supporting the POSIX subsystem exist: [ ] POSIX.EXE [ ] PSXDLL.DLL [ ] PSXSS.EXE | 2.004 | POSIX subsystem file components are installed. | II |
| 5.02.3 | Expl. | | F / NF / NA / NR | The required file does not exist. | 2.009 | The current approved DLL for strong password filtering is not installed. | II |
| 5.02.4 | Expl. | | F / NF / NA / NR | Share permissions are not properly set for the following printers: | 3.027 | Printer share permissions are not configured as recommended. | III |

| Man. | Tool | Flag | Status | Details | PDI | Description | Cat. |
|---|---|---|---|---|---|---|---|
| 5.03.1 | CMC | | F / NF / NA / NR | The following volumes are not formatted using NTFS: | 2.008 | Local volumes are not formatted using NTFS. | I |
| 5.03.2.03 | CMC | | F / NF / NA / NR | [ ] The service is not disabled. | 5.063 | "NetMeeting Remote Desktop Sharing" is not disabled. | II |
| 5.03.2.04 | CMC | | F / NF / NA / NR | [ ] The service is not disabled. | 5.064 | "Remote Access Auto Connection Manager" is not disabled. | II |
| 5.03.2.05 | CMC | | F / NF / NA / NR | [ ] The service is not disabled. | 5.065 | "Remote Desktop Help Session Manager" is not disabled. | II |
| 5.03.2.06 | CMC | | F / NF / NA / NR | The service is still active. | 5.008 | "Remote Shell Service" is not disabled. | II |
| 5.03.2.07 | CMC | | F / NF / NA / NR | The service is still active. | 5.067 | "Routing and Remote Access" is not disabled. | II |
| 5.03.2.08 | CMC | | F / NF / NA / NR | The service is still active. | 5.010 | "Simple TCP/IP Services" are not disabled. | II |
| 5.03.2.09 | CMC | | F / NF / NA / NR | [ ] The service is not required and not disabled. | 5.009 | The Task Scheduler service is either not controlled, or not disabled. | II |
| 5.03.2.10 | CMC | | F / NF / NA / NR | The service is still active. | 5.013 | "Telnet" is not disabled. | II |
| 5.03.2.11 | CMC | | F / NF / NA / NR | The service is not required and is not disabled. | 5.020 | "Terminal Services" are not disabled. | I |
| 5.03.2.12 | CMC | | F / NF / NA / NR | Unnecessary services appear in the service list and are not disabled. | 5.068 | Unnecessary services are run on the system. | II |
| 5.03.2.13 | CMC | ι | F / NF / NA / NR | [ ] Virus protection software is not installed and/or active. [ ] Virus protection software is no longer supported by the vendor (Cat II). [ ] Virus signature file is older than 14 days. [ ] The following virus-protection software that is not sponsored by DISA is used (Cat IV): | 5.007 | An approved DISA virus scan program is not used and/or updated. | I |
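Items 5.03.2.03 through 5.03.2.11 each ask whether one named service is disabled, and the distinction the checklist draws matters: a stopped service whose start type is still Manual or Automatic can be started again, so the condition is StartMode = Disabled, not State = Stopped. The block below is an added example, not the checklist's script; it queries WMI once, looks each service up by the display name the checklist uses, and flags any that is not disabled. It runs on PowerShell 2.0 or later (WMI is used because Get-Service on that version does not expose the start mode). Assumptions: the display names are the English ones; "Remote Shell Service" is not part of a default install, so its absence is reported rather than flagged; and Task Scheduler and Terminal Services are marked for review rather than as automatic findings, because the checklist accepts them when required and controlled.

```powershell
# Added example (editor's code, not the checklist's script): start-mode check
# for the services named in items 5.03.2.03 - 5.03.2.11, plus a listing of
# auto-start services for the reviewer's 5.03.2.12 judgement.

$required = @(
    @{ Item = "5.03.2.03"; PDI = "5.063"; Name = "NetMeeting Remote Desktop Sharing"; MayBeRequired = $false },
    @{ Item = "5.03.2.04"; PDI = "5.064"; Name = "Remote Access Auto Connection Manager"; MayBeRequired = $false },
    @{ Item = "5.03.2.05"; PDI = "5.065"; Name = "Remote Desktop Help Session Manager"; MayBeRequired = $false },
    @{ Item = "5.03.2.06"; PDI = "5.008"; Name = "Remote Shell Service"; MayBeRequired = $false },
    @{ Item = "5.03.2.07"; PDI = "5.067"; Name = "Routing and Remote Access"; MayBeRequired = $false },
    @{ Item = "5.03.2.08"; PDI = "5.010"; Name = "Simple TCP/IP Services"; MayBeRequired = $false },
    @{ Item = "5.03.2.09"; PDI = "5.009"; Name = "Task Scheduler"; MayBeRequired = $true },
    @{ Item = "5.03.2.10"; PDI = "5.013"; Name = "Telnet"; MayBeRequired = $false },
    @{ Item = "5.03.2.11"; PDI = "5.020"; Name = "Terminal Services"; MayBeRequired = $true }
)

# One WMI call; index by display name so every lookup is a hashtable hit.
$byDisplayName = @{}
foreach ($svc in Get-WmiObject Win32_Service) { $byDisplayName[$svc.DisplayName] = $svc }

function Get-ServiceStartState {
    param([string]$DisplayName)
    $svc = $byDisplayName[$DisplayName]
    if ($svc -eq $null) { return "Not installed" }
    # Only StartMode=Disabled satisfies the item; a stopped Manual service does not.
    if ($svc.StartMode -eq "Disabled") { return "Disabled" }
    return ("{0} / {1}" -f $svc.StartMode, $svc.State)
}

$required | ForEach-Object {
    $state  = Get-ServiceStartState $_.Name
    $status = if ($state -eq "Disabled" -or $state -eq "Not installed") { "Not a Finding" }
              elseif ($_.MayBeRequired) { "Review: finding unless required and controlled" }
              else { "Finding" }
    New-Object PSObject -Property @{ Item = $_.Item; PDI = $_.PDI; Service = $_.Name; State = $state; Status = $status }
} | Sort-Object Item | Format-Table Item, PDI, Service, State, Status -AutoSize

# 5.03.2.12 has no fixed list; give the reviewer everything that starts by
# itself so the unnecessary ones can be picked out against the site baseline.
"--- Auto-start services (5.03.2.12 review list)"
$byDisplayName.Values | Where-Object { $_.StartMode -eq "Auto" } |
    Sort-Object DisplayName | Format-Table DisplayName, Name, State -AutoSize
```

Run it elevated. Terminal Services on Server 2003 also backs Remote Desktop for Administration, which is why 5.03.2.11 is worded "not required and not disabled" rather than simply "not disabled"; the Review status leaves that call to the reviewer.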

| Man. | Tool | Flag | Status | Details | PDI | Description | Cat. |
|---|---|---|---|---|---|---|---|
| 5.03.3 | CMC | | F / NF / NA / NR | The following user-created file shares have not been reconfigured to remove ACL permissions from the "Everyone" group: | 2.015 | File share ACLs have not been reconfigured to remove the "Everyone" group. | II |
| 5.03.4 | CMC | | F / NF / NA / NR | Unused USB controllers exist that are not disabled. | 1.031 | Unused USB ports are not disabled. | II |
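The file-system items in this group, 5.03.1 (volumes not NTFS), 5.02.2 (POSIX subsystem files) and 5.03.3 (user-created shares still granting "Everyone"), can all be answered from WMI. The block below is an added example, not the checklist's script, and also lists printer shares for 5.02.4 because their recommended permissions are not stated on this page. It runs on PowerShell 2.0 or later. Assumptions: shares whose name ends in "$" are administrative and outside 5.03.3's "user-created" scope, and Everyone is matched by its well-known SID S-1-1-0 rather than by display name so a localized name cannot hide it.

```powershell
# Added example (editor's code, not the checklist's script): WMI checks for
# items 5.03.1, 5.02.2 and 5.03.3, plus a printer-share listing for 5.02.4.

function Get-NonNtfsVolumes {
    # DriveType 3 = local fixed disk; removable media are covered by item 3.09.
    Get-WmiObject Win32_LogicalDisk -Filter "DriveType=3" |
        Where-Object { $_.FileSystem -ne "NTFS" } |
        Select-Object DeviceID, FileSystem, VolumeName
}

function Get-PosixSubsystemFiles {
    # 5.02.2 names these three files; any that is present is the finding.
    $sys32 = Join-Path $env:SystemRoot "system32"
    foreach ($f in "posix.exe", "psxdll.dll", "psxss.exe") {
        $p = Join-Path $sys32 $f
        if (Test-Path -LiteralPath $p) { $p }
    }
}

function Get-SharesGrantingEveryone {
    foreach ($share in Get-WmiObject Win32_Share) {
        if ($share.Name.EndsWith('$')) { continue }   # admin and IPC shares (assumption: out of scope)
        if ($share.Type -ne 0) { continue }           # 0 = disk share
        $sec = Get-WmiObject Win32_LogicalShareSecuritySetting -Filter "Name='$($share.Name)'"
        if ($sec -eq $null) { continue }
        $sd = $sec.GetSecurityDescriptor().Descriptor
        if ($sd.DACL -eq $null) {
            # No DACL at all is the worst case: full access to every principal.
            New-Object PSObject -Property @{ Share = $share.Name; Path = $share.Path; Trustee = "(no DACL)"; AccessMask = "all" }
            continue
        }
        foreach ($ace in $sd.DACL) {
            # AceType 0 = access allowed; an Everyone *deny* ACE is not the finding.
            if ($ace.AceType -eq 0 -and $ace.Trustee.SIDString -eq "S-1-1-0") {
                New-Object PSObject -Property @{
                    Share = $share.Name; Path = $share.Path
                    Trustee = $ace.Trustee.Name; AccessMask = ("0x{0:X}" -f $ace.AccessMask)
                }
            }
        }
    }
}

function Get-PrinterShares {
    # Win32_Share Type 1 = print queue.
    Get-WmiObject Win32_Share -Filter "Type=1" | Select-Object Name, Path, Description
}

"--- 5.03.1 volumes not formatted NTFS (PDI 2.008)";    Get-NonNtfsVolumes | Format-Table -AutoSize
"--- 5.02.2 POSIX subsystem files present (PDI 2.004)"; Get-PosixSubsystemFiles
"--- 5.03.3 user shares granting Everyone (PDI 2.015)"; Get-SharesGrantingEveryone | Format-Table Share, Path, Trustee, AccessMask -AutoSize
"--- 5.02.4 printer shares to review (PDI 3.027)";      Get-PrinterShares | Format-Table -AutoSize
```

The share check reads the share-level DACL only. Effective access is the intersection of share and NTFS permissions, so a share that grants Everyone but sits on a tightly ACLed NTFS folder is still a finding under 5.03.3 as written, and a share that removed Everyone while the underlying folder keeps it is not caught here.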

| Man. | Tool | Flag | Status | Details | PDI | Description | Cat. |
|---|---|---|---|---|---|---|---|
| 5.04.01.1 | MMC | | F / NF / NA / NR | The local system requires users to change passwords after ________ days. | 4.011 | Maximum password age does not meet minimum requirements. | II |
| 5.04.01.2 | MMC | | F / NF / NA / NR | The local system allows users to change passwords in ________ days. | 4.012 | Minimum password age does not meet minimum requirements. | II |
| 5.04.01.3 | MMC | | F / NF / NA / NR | The local system requires passwords to be at least ________ characters in length. | 4.013 | Minimum password length does not meet minimum requirements. | II |
| 5.04.01.4 | MMC | | F / NF / NA / NR | The local system is configured to remember ________ passwords. | 4.014 | Password uniqueness does not meet minimum requirements. | II |
| 5.04.01.5 | MMC | | F / NF / NA / NR | [ ] The "EnPasFlt" or "PPE" password filter is not installed. [ ] The password policy "Passwords must meet complexity requirements" is enabled when the above filters are installed. | 3.028 | The built-in Microsoft password filter is not disabled. | II |
| 5.04.01.6 | MMC | | F / NF / NA / NR | Password policy "Store password using reversible encryption for all users in the domain" is not set to Disabled. | 3.057 | Reversible password encryption is not disabled. | II |
| 5.04.02.1 | MMC | | F / NF / NA / NR | [ ] The local system will allow ________ consecutive bad logons before locking down the account. | 4.002 | The number of allowed bad logon attempts does not meet minimum requirements. | II |
| 5.04.02.2 | MMC | | F / NF / NA / NR | [ ] The bad logon counter is reset after ________ minutes. | 4.003 | Time before the bad logon counter is reset does not meet minimum requirements. | II |
| 5.04.02.3 | MMC | | F / NF / NA / NR | [ ] The lockout duration is specified to be ________ minutes. | 4.004 | Lockout duration does not meet minimum requirements. | II |
| 5.04.03.1 | MMC | | F / NF / NA / NR | The Kerberos policy option "Enforce user logon restrictions" is not set to Enabled. (Domain Controllers only) | 4.029 | Kerberos user logon restrictions are not enforced. | II |
| 5.04.03.2 | MMC | | F / NF / NA / NR | The Kerberos policy option "Maximum lifetime for service ticket" is not set to a maximum of 600 minutes or less. It is set to _____ minutes. (Domain Controllers only) | 4.030 | Kerberos service ticket maximum lifetime does not meet minimum standards. | II |
| 5.04.03.3 | MMC | | F / NF / NA / NR | The Kerberos policy option "Maximum lifetime for user ticket" is not set to a maximum of 10 hours or less. It is set to _____ hours. (Domain Controllers only) | 4.031 | Kerberos user ticket maximum lifetime does not meet minimum standards. | II |
| 5.04.03.4 | MMC | | F / NF / NA / NR | The Kerberos policy option "Maximum lifetime for user ticket renewal" is not set to a maximum of 7 days or less. It is set to _____ days. (Domain Controllers only) | 4.032 | Kerberos user ticket renewal maximum lifetime does not meet minimum standards. | II |
| 5.04.03.5 | MMC | | F / NF / NA / NR | The Kerberos policy option "Maximum tolerance for computer clock synchronization" is not set to a maximum of 5 minutes or less. It is set to _____ minutes. (Domain Controllers only) | 4.033 | Computer clock synchronization tolerance does not meet minimum standards. | II |
| 5.04.04.1 | MMC | | F / NF / NA / NR | System-level auditing is not enabled. | 4.007 | Auditing is not enabled. | II |
| 5.04.04.2 | MMC | | F / NF / NA / NR | [ ] System-level auditing is not enabled. [ ] The following events are not audited: | 4.008 | System-auditing configuration does not meet minimum requirements. | II |
| 5.04.05.1 | MMC | ι | F / NF / NA / NR | Discrepancies between the checklist and the local system are listed as follows: | 4.010 | User and advanced user rights settings do not meet minimum requirements. | II |
| 5.04.05.2 | MMC | ι | F / NF / NA / NR | The following users and user groups are assigned this privilege: | 4.009 | Unauthorized users are granted the right to "Act as part of the operating system." | I |
| 5.04.05.3 | | | F / NF / NA / NR | The following users and user groups are assigned this privilege: | 4.040 | Unauthorized users are granted the right to "Allow logon through Terminal Services". | II |
| 5.04.05.4 | MMC | | F / NF / NA / NR | The Guests group is not denied this user right. | 4.025 | Guests group is not assigned the right "Deny access to this computer from the network." | I |
| 5.04.05.5 | MMC | | F / NF / NA / NR | The Guests group is not denied this user right. | 4.026 | Guests group is not assigned the right "Deny log on locally." | II |
| 5.04.05.6 | MMC | | F / NF / NA / NR | The following users and user groups are assigned this privilege: | 4.041 | Specified users are not granted the right "Deny logon through Terminal Services". | II |
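Items 5.04.01.x (password policy), 5.04.02.x (account lockout), 5.04.03.x (Kerberos), 5.04.04.x (audit) and 5.04.05.x (user rights) are all read from the same place, the local security policy, which `secedit /export` writes as an INI-style file. One parser therefore serves all five groups. The block below is an added example, not the checklist's script: it tests the values this page states explicitly (the Kerberos limits, reversible encryption, the two Guests deny rights, "Act as part of the operating system") and only reports the password and lockout values, because their thresholds are blank on the page. Run elevated; PowerShell 2.0 or later. Assumptions: the INF key names are the English ones secedit writes (MaxServiceAge, SeDenyNetworkLogonRight and so on), and every [Event Audit] category is expected to be non-zero because the page does not list which events are required.

```powershell
# Added example (editor's code, not the checklist's script): one secedit
# export parsed once, then checked for items 5.04.01.x through 5.04.05.x.

function Read-SecurityPolicy {
    $inf = Join-Path $env:TEMP "secpol-export.inf"
    # secedit writes UTF-16 with a byte-order mark, which Get-Content honours.
    & secedit /export /cfg $inf /quiet | Out-Null
    $policy = @{}; $section = ""
    foreach ($raw in (Get-Content $inf)) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') { $section = $matches[1]; $policy[$section] = @{}; continue }
        if ($section -ne "" -and $line -match '^([^=]+?)\s*=\s*(.*)$') { $policy[$section][$matches[1]] = $matches[2] }
    }
    Remove-Item $inf -ErrorAction SilentlyContinue
    return $policy
}

# secedit lists right holders as "*SID,*SID"; unresolved names appear bare.
function Get-RightHolders($rights, $name) {
    if (-not $rights.ContainsKey($name) -or $rights[$name] -eq "") { return @() }
    return @($rights[$name].Split(",") | ForEach-Object { $_.Trim().TrimStart("*") })
}

function Test-LocalSecurityPolicy {
    $pol = Read-SecurityPolicy
    $findings = New-Object System.Collections.ArrayList
    $sa = $pol["System Access"]

    # 5.04.01.6: ClearTextPassword=1 is "Store password using reversible encryption".
    if ($sa["ClearTextPassword"] -ne "0") { [void]$findings.Add("5.04.01.6 (PDI 3.057): reversible password encryption is not disabled") }

    # 5.04.01.1-4 / 5.04.02.1-3: thresholds are blank on the page; report the values.
    foreach ($k in "MaximumPasswordAge","MinimumPasswordAge","MinimumPasswordLength","PasswordHistorySize","LockoutBadCount","ResetLockoutCount","LockoutDuration") {
        Write-Host ("  {0,-22} = {1}" -f $k, $sa[$k])
    }

    # 5.04.03.x: Domain Controllers only; a missing section means not applicable.
    $kp = $pol["Kerberos Policy"]
    if ($kp -eq $null) { Write-Host "  [Kerberos Policy] absent: 5.04.03.x not applicable (Domain Controllers only)" }
    else {
        if ($kp["TicketValidateClient"] -ne "1") { [void]$findings.Add("5.04.03.1 (PDI 4.029): Enforce user logon restrictions is not Enabled") }
        if ([int]$kp["MaxServiceAge"] -gt 600) { [void]$findings.Add("5.04.03.2 (PDI 4.030): service ticket lifetime is $($kp['MaxServiceAge']) min (max 600)") }
        if ([int]$kp["MaxTicketAge"]  -gt 10)  { [void]$findings.Add("5.04.03.3 (PDI 4.031): user ticket lifetime is $($kp['MaxTicketAge']) h (max 10)") }
        if ([int]$kp["MaxRenewAge"]   -gt 7)   { [void]$findings.Add("5.04.03.4 (PDI 4.032): ticket renewal lifetime is $($kp['MaxRenewAge']) days (max 7)") }
        if ([int]$kp["MaxClockSkew"]  -gt 5)   { [void]$findings.Add("5.04.03.5 (PDI 4.033): clock skew tolerance is $($kp['MaxClockSkew']) min (max 5)") }
    }

    # 5.04.04.x: 0 = no auditing for that category (1 success, 2 failure, 3 both).
    $ea = $pol["Event Audit"]
    $off = @($ea.Keys | Where-Object { $ea[$_] -eq "0" } | Sort-Object)
    if ($off.Count -eq $ea.Count) { [void]$findings.Add("5.04.04.1 (PDI 4.007): system-level auditing is not enabled") }
    elseif ($off.Count -gt 0) { [void]$findings.Add("5.04.04.2 (PDI 4.008): not audited: " + ($off -join ", ")) }

    # 5.04.05.x: compare well-known SIDs, because secedit writes SIDs, not names.
    $pr = $pol["Privilege Rights"]; $guests = "S-1-5-32-546"
    $tcb = Get-RightHolders $pr "SeTcbPrivilege"
    if ($tcb.Count -gt 0) { [void]$findings.Add("5.04.05.2 (PDI 4.009): Act as part of the operating system held by " + ($tcb -join ", ")) }
    Write-Host ("  5.04.05.3 Allow logon through Terminal Services: " + ((Get-RightHolders $pr "SeRemoteInteractiveLogonRight") -join ", "))
    if (-not ((Get-RightHolders $pr "SeDenyNetworkLogonRight") -contains $guests)) { [void]$findings.Add("5.04.05.4 (PDI 4.025): Guests not denied network access") }
    if (-not ((Get-RightHolders $pr "SeDenyInteractiveLogonRight") -contains $guests)) { [void]$findings.Add("5.04.05.5 (PDI 4.026): Guests not denied local logon") }
    return $findings
}

Test-LocalSecurityPolicy | ForEach-Object { Write-Host "FINDING $_" }
```

The export reflects the policy as applied on the machine, which on a domain member is the result of local settings and Group Policy together; a finding here is a finding regardless of which layer produced it. For 5.04.05.1 (the full rights comparison), extend `Test-LocalSecurityPolicy` with the checklist's own table of rights and the SIDs of the accounts it allows.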

| Man. | Tool | Flag | Status | Details | PDI | Description | Cat. |
|---|---|---|---|---|---|---|---|
| 5.04.06.01 | MMC | | F / NF / NA / NR | [ ] The value for "Accounts: Guest account status" is not set to "Disabled". | 4.020 | The built-in guest account is not disabled. | II |
| 5.04.06.02 | MMC | | F / NF / NA / NR | [ ] The value for "Accounts: Limit local account use of blank passwords to console logon only" is not set to "Enabled". | 4.036 | The use of local accounts with blank passwords is not restricted to console logons only. | I |
| 5.04.06.03 | MMC | | F / NF / NA / NR | [ ] The value for "Accounts: Rename administrator account" is not set to a value other than "Administrator". | 4.022 | The built-in administrator account has not been renamed. | II |
| 5.04.06.04 | MMC | | F / NF / NA / NR | [ ] The value for "Accounts: Rename guest account" is not set to a value other than "Guest". | 4.021 | The built-in guest account has not been renamed. | II |
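Items 5.04.06.01 through 5.04.06.04 concern the two built-in accounts, and because the items expect their names to have changed, the stable handle for checking them is the relative identifier: RID 500 is always the built-in Administrator and RID 501 the built-in Guest. The block below is an added example, not the checklist's script, and runs on PowerShell 2.0 or later. Assumptions: item 5.04.06.02 is read from the registry value the Security Option sets (HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse, 1 = Enabled), which is the editor's mapping and not stated on this page; and on a Domain Controller, which has no local accounts, the `LocalAccount=True` filter should be dropped so the domain's RID 500/501 accounts are examined instead.

```powershell
# Added example (editor's code, not the checklist's script): built-in account
# checks for items 5.04.06.01 - 5.04.06.04, located by RID rather than name.

function Get-BuiltinAccount {
    param([int]$Rid)
    # SIDs end in "-<RID>"; matching on the suffix ignores the machine SID.
    Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -like ("*-{0}" -f $Rid) } |
        Select-Object -First 1
}

function Test-BuiltinAccounts {
    $findings = New-Object System.Collections.ArrayList
    $admin = Get-BuiltinAccount 500
    $guest = Get-BuiltinAccount 501

    if ($guest -ne $null -and -not $guest.Disabled) {
        [void]$findings.Add("5.04.06.01 (PDI 4.020): guest account '$($guest.Name)' (RID 501) is enabled")
    }
    if ($admin -ne $null -and $admin.Name -eq "Administrator") {
        [void]$findings.Add("5.04.06.03 (PDI 4.022): built-in administrator (RID 500) is still named Administrator")
    }
    if ($guest -ne $null -and $guest.Name -eq "Guest") {
        [void]$findings.Add("5.04.06.04 (PDI 4.021): built-in guest (RID 501) is still named Guest")
    }

    # 5.04.06.02 (assumed registry mapping, see lead-in). An absent value is
    # reported, not flagged: the OS default then applies and needs a reviewer.
    $lsa = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -ErrorAction SilentlyContinue
    if ($lsa -ne $null -and $lsa.PSObject.Properties["LimitBlankPasswordUse"] -ne $null) {
        if ($lsa.LimitBlankPasswordUse -ne 1) {
            [void]$findings.Add("5.04.06.02 (PDI 4.036): LimitBlankPasswordUse is $($lsa.LimitBlankPasswordUse), expected 1")
        }
    } else {
        Write-Host "  5.04.06.02: LimitBlankPasswordUse not set; OS default applies, review manually"
    }

    Write-Host ("  RID 500 -> {0}; RID 501 -> {1}" -f $admin.Name, $guest.Name)
    return $findings
}

Test-BuiltinAccounts | ForEach-Object { Write-Host "FINDING $_" }
```

The last line of output is also the caveat on 5.04.06.03 and .04: renaming the accounts does not hide them, since anyone who can enumerate SIDs recovers the RID 500 account exactly as this script does. The rename still satisfies the checklist item; it just should not be mistaken for an access control.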

| Man. | Tool | Flag | Status | Details | PDI | Description | Cat. |
|---|---|---|---|---|---|---|---|
| 5.04.06.05 | MMC | Γ | F / NF / NA / NR | [ ] The value for "Audit: Shut down system immediately if unable to log security audits" is not set to "Enabled", or [ ] The site has no alternate method to monitor auditing. | 3.015 | System does not halt once an event log has reached its maximum size. | III |
| 5.04.06.06 | MMC | | F / NF / NA / NR | [ ] The value for "Devices: Allow Undock Without Having to Log On" is not set to "Disabled". | 3.069 | The system may be removed from the docking station without logging on first. | II |
| 5.04.06.07 | MMC | | F / NF / NA / NR | [ ] The value for "Devices: Allowed to Format and Eject Removable Media" is not set to "Administrators". | 3.052 | Ejection of removable NTFS media is not restricted to Administrators. | II |
| 5.04.06.08 | MMC | | F / NF / NA / NR | [ ] The value for "Devices: Prevent users from installing printer drivers" is not set to "Enabled". | 3.029 | Print driver installation privilege is not restricted to administrators. | III |
| 5.04.06.09 | MMC | | F / NF / NA / NR | [ ] The value for "Devices: Restrict floppy access to locally logged-on user only" is not set to "Enabled". | 3.004 | Removable media devices are not allocated upon user logon. | III |
| 5.04.06.10 | MMC | Γ | F / NF / NA / NR | [ ] The value for "Devices: Unsigned driver installation behavior" is not set to "Warn but allow installation" or "Do not allow installation". | 3.050 | The unsigned driver installation behavior is improperly set. | III |
| 5.04.06.11 | MMC | | F / NF / NA / NR | (Domain Controllers only) [ ] The Security Options value is set to ________________. | 3.058 | The Server Operators group can schedule tasks. | II |
| 5.04.06.12 | MMC | | F / NF / NA / NR | [ ] The value for "Domain Controller: LDAP Server signing requirements" is not set to "Require Signing". | 3.106 | Lightweight Directory Access Protocol (LDAP) server doesn't require LDAP clients to negotiate data signing. | II |
| 5.04.06.13 | MMC | | F / NF / NA / NR | [ ] The value for "Domain Controller: Refuse machine account password changes" is not set to "Disabled". | 3.107 | Requests to change the computer account password are refused by the Domain Controller. | III |
| 5.04.06.14 | MMC | | F / NF / NA / NR | [ ] The value for "Domain Member: Digitally encrypt secure channel data (when possible)" is not set to "Enabled". | 3.043 | Outgoing secure channel traffic is not encrypted when possible. | II |
| 5.04.06.15 | MMC | | F / NF / NA / NR | [ ] The value for "Domain Member: Digitally sign secure channel data (when possible)" is not set to "Enabled". | 3.042 | Outgoing secure channel traffic is not signed when possible. | II |
| 5.04.06.16 | MMC | | F / NF / NA / NR | [ ] The value for "Domain Member: Disable Machine Account Password Changes" is set to "Enabled". | 3.044 | The computer account password is prevented from being reset. | III |
| 5.04.06.17 | MMC | | F / NF / NA / NR | [ ] The value for "Domain Member: Maximum Machine Account Password Age" is not set to "30" or less. | 4.043 | The maximum age for machine account passwords is not set to requirements. | III |
| 5.04.06.18 | MMC | | F / NF / NA / NR | [ ] The value for "Domain Member: Require Strong (Windows 2000 or Later) Session Key" is not set to "Enabled". | 4.044 | The system is not set to require a strong session key. | II |
| 5.04.06.20 | MMC | | F / NF / NA / NR | [ ] The value for "FSO: Permit Administrator Automatic Logon" is not set to "Disabled". | 3.040 | Administrator automatic logon is enabled. | I |
| 5.04.06.21 | MMC | | F / NF / NA / NR | [ ] The value for "FSO: Prevent the dial-up password from being saved" is not set to "Enabled". (Only applicable to systems with the RAS service installed) | 3.024 | The option to prevent the password in dial-up networking from being saved is not enabled. | II |
| 5.04.06.22 | MMC | | F / NF / NA / NR | [ ] The value for "Interactive Logon: Do not require CTRL-ALT-DEL" is not set to "Disabled". | 3.032 | The Ctrl+Alt+Del security attention sequence is disabled. | II |
| 5.04.06.23 | MMC | ι | F / NF / NA / NR | [ ] The value for "Interactive Logon: Message text for users attempting to log on" is not set properly. [ ] The value for "Interactive Logon: Message title for users attempting to log on" is not set properly. | 3.011 | Legal notice is not configured to display before console logon. | II |
| 5.04.06.24 | MMC | | F / NF / NA / NR | [ ] The value for "Interactive Logon: Number of previous logons to cache (in case Domain Controller is unavailable)" is not set to "0 logons" or "1 logons". | 3.013 | Caching of logon credentials is not disabled. | III |
| 5.04.06.25 | MMC | | F / NF / NA / NR | [ ] The value for "Interactive Logon: Prompt user to change password before expiration" is not set to "14 days" or more. | 3.054 | Users are not warned in advance that their passwords will expire. | IV |
| 5.04.06.26 | MMC | | F / NF / NA / NR | [ ] The value for "Interactive logon: Require domain controller authentication to unlock workstation" is not set to "Enabled". | 4.045 | Domain Controller authentication is not required to unlock the workstation. | II |
| 5.04.06.27 | MMC | | F / NF / NA / NR | [ ] The value for "Interactive logon: Smart card removal behavior" is not set to "Lock Workstation" or "Force Logoff". | 3.047 | The Smart Card removal option is set to take no action. | II |
| 5.04.06.28 | MMC | | F / NF / NA / NR | [ ] The value for "Microsoft Network Client: Digitally sign client communications (if server agrees)" is not set to "Enabled". | 3.045 | The Windows 2000 SMB client is not enabled to perform SMB packet signing when possible. | II |
| 5.04.06.29 | MMC | | F / NF / NA / NR | [ ] The value for "Microsoft Network Server: Digitally sign server communications (if client agrees)" is not set to "Enabled". | 3.046 | The Windows 2000 SMB server is not enabled to perform SMB packet signing when possible. | II |
| 5.04.06.30 | MMC | | F / NF / NA / NR | [ ] The value for "Microsoft Network Client: Send unencrypted password to connect to third-party SMB servers" is not set to "Disabled". | 3.034 | Unencrypted password is sent to 3rd-party SMB server. | II |
| 5.04.06.31 | MMC | | F / NF / NA / NR | [ ] The value for "Microsoft Network Server: Amount of idle time required before disconnecting a session" is not set to "15 minutes" or less. | 4.028 | The amount of idle time before disconnecting an SMB session is improperly set. | III |
| 5.04.06.32 | MMC | | F / NF / NA / NR | [ ] The value for "Microsoft Network Server: Disconnect Clients When Logon Hours Expire" is not set to "Enabled". | 4.006 | Users are not forcibly disconnected when logon hours expire. | III |
| 5.04.06.33 | MMC | | F / NF / NA / NR | [ ] The value for "MSS: (AFD DynamicBacklogGrowthDelta) Number of connections to create when additional connections are necessary for Winsock applications (10 recommended)" is not set to "10" or less. | 5.086 | Additional connections for Winsock applications are not controlled. | III |
| 5.04.06.34 | MMC | | F / NF / NA / NR | [ ] The value for "MSS: (AFD EnableDynamicBacklog) Enable dynamic backlog for Winsock applications (recommended)" is not set to "Enabled". | 5.087 | Dynamic backlog for Winsock applications is not enabled. | III |
| 5.04.06.35 | MMC | | F / NF / NA / NR | [ ] The value for "MSS: (AFD MaximumDynamicBacklog) Maximum number of quasi-free connections necessary for Winsock applications" is not set to a value of "20000 (recommended)" or less. | 5.088 | The maximum number of quasi-free connections for Winsock applications is not controlled. | III |

| | | | | | | | | | |

|5.04.06.36 | |- | |( Finding |( The value for “MSS: (AFD MinimumDynamicBacklog) Minimum | |5.089 |The minimum number of free |III |

| | | | |( Not a Finding |number of free connections necessary for Winsock | | |connections for Winsock | |

|MMC | | | |( Not Applicable |applications (20 recommended for system under attack, 10 | | |applications are not controlled. | |

| | | | |( Not Reviewed |otherwise)” is not set to a value between “10” to “20”, | | | | |

| | | | | | | | | | |

|5.04.06.37 | |- | |( Finding |( The value for “MSS: (DisableIPSourceRouting) IP source | |5.090 |Source routing is not disabled. |III |

| | | | |( Not a Finding |routing protection level (protects against packet | | | | |

|MMC | | | |( Not Applicable |spoofing)” is not set to “Highest protection, source | | | | |

| | | | |( Not Reviewed |routing is completely disabled” | | | | |

| | | | | | | | | | |

|5.04.06.38 | |- | |( Finding |( The value for “MSS: (EnableDeadGWDetect) Allow automatic | |5.091 |Dead gateway detection is not |III |

| | | | |( Not a Finding |detection of dead network gateways (could lead to DoS)” is | | |disabled. | |

|MMC | | | |( Not Applicable |not set to “Disabled” | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.39 | |- | |( Finding |( The value for “MSS: (EnableICMPRedirect) Allow ICMP | |5.092 |ICMP redirects is not disabled. |III |

| | | | |( Not a Finding |redirects to override OSPF generated routes” is not set to | | | | |

|MMC | | | |( Not Applicable |“Disabled” | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.41 | |- | |( Finding |( The value for “MSS: (NoNameReleaseOnDemand) Allow | |5.094 |The NetBIOS name is released on |III |

| | | | |( Not a Finding |computer to ignore NetBIOS name release requests except | | |demand. | |

|MMC | | | |( Not Applicable |from WINS servers” is not set to “Enabled” | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.42 | |- | |( Finding |( The value for “MSS: (PerformRouterDiscovery) Allow IDRP | |5.095 |The Internet Router Discovery |III |

| | | | |( Not a Finding |to detect and configure Default Gateway addresses (could | | |Protocol is not disabled. | |

|MMC | | | |( Not Applicable |lead to DoS)” is not set to “Disabled” | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.43 | |- | |( Finding |( The value for “MSS: (SynAttackProtect) Syn attack | |5.096 |The system is not protected against|III |

| | | | |( Not a Finding |protection level (protects against DoS)” is not set to | | |Syn attacks. | |

|MMC | | | |( Not Applicable |“Connections time out sooner if a SYN attack is detected” | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.44 | |- | |( Finding |( The value for “MSS: | |5.097 |TCP connection response |III |

| | | | |( Not a Finding |(TcpMaxConnectResponseRetransmissions) SYN –ACK | | |retransmissions are not controlled.| |

|MMC | | | |( Not Applicable |retransmissions when a connection is not acknowledged” is | | | | |

| | | | |( Not Reviewed |not set to “3 seconds” or less. | | | | |

| | | | | | | | | | |

|5.04.06.45 | |- | |( Finding |( The value for “MSS: (TcpMaxDataRetransmissions) How many | |5.098 |TCP data retransmissions are not |III |

| | | | |( Not a Finding |times unacknowledged data is retransmitted (3 recommended, | | |controlled. | |

|MMC | | | |( Not Applicable |5 is the default)” is not set to “3” or less | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.46 | |- | |( Finding |( The value for “MSS: (TcpMaxPortsExausted) How many | |5.099 |SYN attack protection initiation is|III |

| | | | |( Not a Finding |dropped connect requests to initiate SYN attack protection | | |not configured properly. | |

|MMC | | | |( Not Applicable |(5 is recommended)” is not set to “5” or less | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.47 | |- | |( Finding |( The value for “MSS: Disable Autorun on all drives” is not| |3.059 |The system is configured to |III |

| | | | |( Not a Finding |set to “255, disable Autorun for all drives” | | |autoplay removable media. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.48 | |- | |( Finding |( The value for “MSS: Enable Safe DLL search mode | |3.088 |The safe DLL search path option is |II |

| | | | |( Not a Finding |(recommended)” is not set to “Enabled” | | |not enabled. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.49 | |- | |( Finding |( The value for “MSS: How often keep-alive packets are sent| |5.100 |The TCP keep-alive time is not |III |

| | | | |( Not a Finding |in milliseconds (300,000 is recommended)” is not set to | | |configured properly. | |

|MMC | | | |( Not Applicable |“300000” or less. | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.50 | |- | |( Finding |( The value for “MSS: Percentage threshold for the security| |5.101 |The system doesn’t generate a |IV |

| | | | |( Not a Finding |event log at which the system will generate a warning” is | | |warning when the Security log | |

|MMC | | | |( Not Applicable |not set to “90” or less. | | |reaches a designated size. | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.51 | |- | |( Finding |( The value for “MSS: The time in seconds before the screen| |5.102 |The Screen saver grace period is |III |

| | | | |( Not a Finding |saver grace period expires (o recommended)” is not set to | | |not set to 0. | |

|MMC | | | |( Not Applicable |“0” | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.52 | |- | |( Finding |( The value for “Network access: Allow anonymous SID/Name | |3.062 |Anonymous SID/Name translation is |I |

| | | | |( Not a Finding |translation” is not set to “Disabled”. | | |allowed. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.53 | |- | |( Finding |( The value for “Network access: Do not allow anonymous | |3.018 |Anonymous shares are not |I |

| | | | |( Not a Finding |enumeration of SAM accounts” is not set to “Enabled”. | | |restricted. | |

|MMC | | | |( Not Applicable |( The value for “Network access: Do not allow anonymous | | | | |

| | | | |( Not Reviewed |enumeration of SAM accounts and shares” is not set to | | | | |

| | | | | |“Enabled”. | | | | |

|5.04.06.54 | |- | |( Finding |( The value for “Network access: Do not allow storage of | |3.070 |Storage of credentials or .NET |II |

| | | | |( Not a Finding |credentials or .NET passports for network authentication” | | |Passports for network | |

|MMC | | | |( Not Applicable |is not set to “Enabled”. | | |authentication is allowed. | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.55 | |- | |( Finding |( The value for “Network access: Let everyone permissions | |3.071 |Everyone permissions are applied to|II |

| | | | |( Not a Finding |apply to anonymous users” is not set to “Disabled”. | | |anonymous users. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.56 | |- | |( Finding |( The value for “Network access: Named pipes that can be | |3.063 |Unauthorized named pipes are |I |

| | | | |( Not a Finding |accessed anonymously” contains entries besides “COMNAP, | | |accessible with anonymous | |

|MMC | | | |( Not Applicable |COMNODE, SQL\QUERY, SPOOLSS, LLSRPC, EPMAPPER, LOCATOR, | | |credentials. | |

| | | | |( Not Reviewed |TrkWks, and TrkSvr”. | | | | |

| | | | | | | | | | |

|5.04.06.57 | |- | |( Finding |( The value for “Network access: Remotely accessible | |3.064 |Unauthorized registry paths are |I |

| | | | |( Not a Finding |registry paths” contains entries besides the permitted | | |remotely accessible. | |

|MMC | | | |( Not Applicable |ones. | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.58 | |- | |( Finding |( The value for “Network access: Remotely accessible | |3.108 |Unauthorized registry paths and |I |

| | | | |( Not a Finding |registry paths and sub-paths” contains entries besides the | | |sub-paths are remotely accessible. | |

|MMC | | | |( Not Applicable |permitted ones. | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.59 | |- | |( Finding |( The value for “Network access: Shares that can be | |3.065 |Unauthorized shares can be accessed|I |

| | | | |( Not a Finding |accessed anonymously” includes entries. | | |anonymously. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.60 | |- | |( Finding |( The value for “Network access: Sharing and security model| |3.072 |The sharing and security model is |II |

| | | | |( Not a Finding |for local accounts” is not set to “Classic – local users | | |not set to the ‘Classic’ mode. | |

|MMC | | | |( Not Applicable |authenticate as themselves”. | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.61 | |- | |( Finding |( The value for “Network security: Do not store LAN Manager| |3.073 |LAN Manager hash values are stored |II |

| | | | |( Not a Finding |hash value on next password change” is not set to | | |on password changes. | |

|MMC | | | |( Not Applicable |“Enabled”. | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.62 | |- | |( Finding |( The value for “Network security: Force logoff when logon | |3.074 |Users are not forced to logoff when|II |

| | | | |( Not a Finding |hours expire” is not set to “Enabled”. | | |their logon hours expire. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.63 | |- | |( Finding |( The value for “Network security: LAN Manager | |3.031 |The Send download LanMan compatible|II |

| | | | |( Not a Finding |authentication level” is not set to “Send NTLMv2 response | | |password is not set to “Send NTLMv2| |

|MMC | | | |( Not Applicable |only\refuse LM & NTLM”. | | |response only.” | |

|Γ | | | |( Not Reviewed | | | | | |

|ι | | | | | | | | | |

|5.04.06.64 | |- | |( Finding |( The value for “Network security: LDAP client signing | |3.075 |LDAP client signing is not |II |

| | | | |( Not a Finding |requirements” is not set to at least “Require signing”. | | |required. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.65 | |- | |( Finding |( The value for “Network security: Minimum session security| |3.076 |NTLMv2 & 128 bit encryption is not |II |

| | | | |( Not a Finding |for NTLM SSP based (including secure RPC) clients” is not | | |required for NTLM SSP-based | |

|MMC | | | |( Not Applicable |at least set to “NTLMv2 session security” and require | | |clients. | |

| | | | |( Not Reviewed |“128-bit encryption”. | | | | |

| | | | | | | | | | |

|5.04.06.66 | |- | |( Finding |( The value for “Network security: Minimum session security| |3.089 |NTLMv2 & 128 bit encryption is not |II |

| | | | |( Not a Finding |for NTLM SSP based (including secure RPC) servers” is not | | |required for NTLM SSP-based | |

|MMC | | | |( Not Applicable |at least set to “NTLMv2 session security” and require | | |servers. | |

| | | | |( Not Reviewed |“128-bit encryption”. | | | | |

| | | | | | | | | | |

|5.04.06.67 | |- | |( Finding |( The value for “Recovery Console: Allow automatic | |3.049 |The Recovery Console option is set |I |

| | | | |( Not a Finding |administrative logon” is not set to “Disabled”. | | |to permit automatic logon to the | |

|MMC | | | |( Not Applicable | | | |system. | |

| | | | |( Not Reviewed | | | | | |

|5.04.06.68 | |- | |( Finding |( The value for “Recovery Console: Allow floppy copy and | |3.048 |The Recovery Console SET command is|III |

| | | | |( Not a Finding |access to all drives and folders” is not set to | | |enabled. | |

|MMC | | | |( Not Applicable |“Disabled”. | | | | |

| | | | |( Not Reviewed | | | | | |

|5.04.06.69 | |- | |( Finding |( The value for “Shutdown: Allow shutdown without having to| |3.007 |The system allows shutdown from the|IV |

| | | | |( Not a Finding |log on” is not set to ”Disabled”. | | |logon dialog box. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.70 | |- | |( Finding |( The value for “Shutdown: Clear virtual memory pagefile” | |3.003 |System pagefile is not cleared upon|II |

| | | | |( Not a Finding |is not set to “Enabled”. | | |shutdown. | |

|MMC | | | |( Not Applicable | | | | | |

|Γ | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.71 | |- | |( Finding |( The value for “System cryptography: Force strong key | |3.109 |Users are not required to enter a |II |

| | | | |( Not a Finding |protection for user keys stored in the computer” is not set| | |password to access private keys. | |

|MMC | | | |( Not Applicable |to “User must enter a password each time they use a key”. | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.72 | |- | |( Finding |( The value for “System cryptography: Use FIPS compliant | |3.077 |FIPS compliant algorithms are not |II |

| | | | |( Not a Finding |algorithms for encryption, hashing, and signing” is notset | | |used for encryption, hashing, and | |

|MMC | | | |( Not Applicable |to “Enabled”. | | |signing. | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.73 | |- | |( Finding |( The value for “System objects: Default owner for object | |2.016 |Objects created by members of the |II |

| | | | |( Not a Finding |created by members of the Administrators group” is not set | | |administrators group are owned by | |

|MMC | | | |( Not Applicable |to “Object creator”. | | |the group instead of the | |

| | | | |( Not Reviewed | | | |individual, by default. | |

| | | | | | | | | | |

|5.04.06.74 | |- | |( Finding |( The value for “System Object: Require Case Insensitivity | |3.078 |Case insensitivity is not required |II |

| | | | |( Not a Finding |for Non-Windows Subsystems” is not set to “Enabled”. | | |for non-Windows subsystems. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.06.75 | |- | |( Finding |( The value for “System Objects: Strengthen default | |3.055 |The default permissions of global |III |

| | | | |( Not a Finding |permissions of global system objects (e.g. Symbolic links)”| | |system objects are not increased. | |

|MMC | | | |( Not Applicable |is not set to “Enabled”. | | | | |

| | | | |( Not Reviewed | | | | | |

|5.04.06.76 | |- | |( Finding |( The value for “System Settings: Optional Subsystems” has | |3.110 |Optional Subsystems are permitted |III |

| | | | |( Not a Finding |entries listed. | | |to operate on the system. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5.04.06.77 | |- | |( Finding |( The value for “System Settings: Use Certificate Rules on | |3.111 |Software certificate restriction |II |

| | | | |( Not a Finding |Windows Executables for Software Restriction Policies” is | | |policies are not enforced. | |

|MMC | | | |( Not Applicable |not set to “Enabled”. | | | | |

| | | | |( Not Reviewed | | | | | |

|5.04.07.1 | |- | |( Finding |The following event logs have invalid threshold sizes: | |5.002 |Event log sizes do not meet minimum|II |

| | | | |( Not a Finding |( The value for “Maximum application log size” is not set | | |requirements. | |

|MMC | | | |( Not Applicable |to a minimum of “81920 kilobytes”. | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | |( The value for “Maximum security log size” is not set to a| | | | |

| | | | | |minimum of “81920 kilobytes”. | | | | |

| | | | | | | | | | |

| | | | | |( The value for “Maximum system log size” is not set to a | | | | |

| | | | | |minimum of “81920 kilobytes”. | | | | |

|5.04.07.2 | |- | |( Finding |( The value for “Restrict guest access to application log” | |3.021 |Anonymous access to the event logs |II |

| | | | |( Not a Finding |is not set to “Enabled”. | | |is not restricted. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed |( The value for “Restrict guest access to security log” is | | | | |

| | | | | |not set to “Enabled”. | | | | |

| | | | | | | | | | |

| | | | | |( The value for “Restrict guest access to system log” is | | | | |

| | | | | |not set to “Enabled”. | | | | |

|5.04.07.3 | |- | |( Finding |( The value for “Retention method for application log” is | |5.001 |Security events are not properly |II |

| | | | |( Not a Finding |not set to “Do not overwrite events”. | | |preserved. | |

|MMC | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed |( The value for “Retain security log” is not set to “Do not| | | | |

| | | | | |overwrite events”. | | | | |

| | | | | | | | | | |

| | | | | |( The value for “Retain system log” is not set to “Do not | | | | |

| | | | | |overwrite events”. | | | | |

|5.04.08 | |- | |( Finding |ACLs for disabled services are not configured to meet DISA | |2.014 |ACLs for disabled services do not |II |

| | | | |( Not a Finding |requirements. Discrepancies between the checklist and the | | |conform to minimum standards. | |

|MMC | | | |( Not Applicable |local system are listed as follows: | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.09.1 | |- | |( Finding |( Registry value does not exist. | |3.030 |Anonymous access to the Registry is|I |

| | | | |( Not a Finding |( ACL for Winreg key does not conform to minimum | | |not restricted. | |

|MMC | | | |( Not Applicable |requirements. | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.09.2 | |- | |( Finding |( System-level auditing is not enabled. | |3.010 |Registry key-auditing configuration|II |

| | | | |( Not a Finding |( The Everyone Group is not audited. | | |does not meet minimum requirements.| |

|MMC | | | |( Not Applicable |Discrepancies between the checklist and the local system | | | | |

| | | | |( Not Reviewed |are listed as follows: | | | | |

| | | | | | | | | | |

|5.04.10.1 | |- | |( Finding |( Partition is not NTFS. | |2.006 |ACLs for system files and |II |

| | | | |( Not a Finding |Examples of discrepancies between the checklist and the | | |directories do not conform to | |

|MMC | | | |( Not Applicable |local system are listed as follows: | | |minimum requirements. | |

|ι | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.04.10.2 | |- | |( Finding |( Partition is not NTFS. | |2.007 |File-auditing configuration does |II |

| | | | |( Not a Finding |( System-level auditing is not enabled. | | |not meet minimum requirements. | |

|MMC | | | |( Not Applicable |( The Everyone Group is not audited. | | | | |

| | | | |( Not Reviewed |Examples of discrepancies between the checklist and the | | | | |

| | | | | |local system are listed as follows: | | | | |

|5.05.1 | |- | |( Finding |( No screen saver is configured. | |5.006 |Current user account is not set |II |

| | | | |( Not a Finding |( The timeout value is specified as ________ minutes. | | |with a password-protected screen | |

|Ctrl. Panel | | | |( Not Applicable |( The “Password protected” option is not checked. | | |saver. | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.05.2 | |- | |( Finding |The boot options that appear in the drop-down listbox (or | |5.003 |Booting into alternate operating |II |

| | | | |( Not a Finding |“BOOT.INI”) contain operating systems that are not STIG | | |systems is permitted. | |

|Ctrl. Panel | | | |( Not Applicable |compliant. The non-compliant system entries are listed as | | | | |

| | | | |( Not Reviewed |follows: | | | | |

| | | | | | | | | | |

|5.06.01.01.1 | |- | |( Finding |( The value for “Disable remote Desktop Sharing” is not set| |5.027 |Remote desktop sharing through |II |

| | | | |( Not a Finding |to “Enabled”. | | |NetMeeting is enabled. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.02.1 | |- | |( Finding |( The value for “Security Zones: Use only machine settings”| |5.028 |Use of machine based security zone |II |

| | | | |( Not a Finding |is not set to “Enabled”. | | |settings is not enforced. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.02.2 | |- | |( Finding |( The value for “Security Zones: Do Not Allow Users to | |5.029 |Users are allowed to change the |II |

| | | | |( Not a Finding |Change Policies” is not set to “Enabled”. | | |I.E. security policies. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.02.3 | |- | |( Finding |( The value for “Security Zones: Do Not Allow Users to | |5.030 |Users are allowed to add or delete |II |

| | | | |( Not a Finding |Add/Delete Sites” is not set to “Enabled”. | | |sites to the I.E. security zones. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.02.4 | |- | |( Finding |( The value for “Make proxy settings per-machine (rather | |5.031 |Proxy server settings are not per |II |

| | | | |( Not a Finding |than per user)” is not set to “Enabled”. | | |machine. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.02.5 | |- | |( Finding |( The value for “Disable Automatic Install of Internet | |5.032 |Automatic install of I.E. |II |

| | | | |( Not a Finding |Explorer components” is not set to “Enabled”. | | |components is not disabled. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.02.6 | |- | |( Finding |( The value for “Disable Periodic Check for Internet | |5.033 |I.E. automatically checks for |II |

| | | | |( Not a Finding |Explorer Software Updates” is not set to “Enabled”. | | |program updates. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.02.7 | |- | |( Finding |( The value for “Disable Software Update Shell | |5.034 |Users are not notified if an I.E. |II |

| | | | |( Not a Finding |Notifications on Program Launch” is not set to “Disabled”. | | |software distribution channel is | |

|Reg. Editor | | | |( Not Applicable | | | |used to modify software on their | |

| | | | |( Not Reviewed | | | |system. | |

|5. 06.01.03.1 | |- | |( Finding |( The value for “Hide property pages” is not set to | |5.035 |Task property pages are viewable. |III |

| | | | |( Not a Finding |“Enabled”. | | | | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.03.2 | |- | |( Finding |( The value for “Prohibit New Task Creation” is not set to | |5.036 |New task creation is not disabled. |III |

| | | | |( Not a Finding |“Enabled”. | | | | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.01 | |- | |( Finding |( The value for “Limit Users to One Remote Session” is not | |5.038 |Users are not limited to one |II |

| | | | |( Not a Finding |set to “Enabled”. | | |session. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.02 | |- | |( Finding |( The value for “Limit Number of Connections” is not set to| |5.039 |The number of incoming connections |II |

| | | | |( Not a Finding |“Enabled”, and the value ‘TS maximum connections | | |is not limited. | |

|Reg. Editor | | | |( Not Applicable |allowed” is no more than “1”. | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.03 | |- | |( Finding |( The value for “Do Not Allow Local Administrators to | |5.041 |Local administrators can customize |II |

| | | | |( Not a Finding |Customize Permissions” is not set to “Enabled”. | | |Terminal Services permissions. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.04 | |- | |( Finding |( The value for “Remote control settings” is not set to | |3.066 |Remote control of the system is |I |

| | | | |( Not a Finding |“Enabled” and that the “Options” are set to “No remote | | |allowed. | |

|Reg. Editor | | | |( Not Applicable |control allowed”. | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.05 | |- | |( Finding |( The value for “Always Prompt Client for Password upon | |5.042 |Clients are not always prompted for|II |

| | | | |( Not a Finding |Connection” is not set to “Enabled”. | | |a password on connection. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.06 | |- | |( Finding |( The value for “Set Client Encryption Level” is not set to| |5.043 |The client encryption level is not |II |

| | | | |( Not a Finding |“Enabled”, and set to “high” if in a homogenous XP | | |set to ‘High’. | |

|Reg. Editor | | | |( Not Applicable |environment or “client compatible” if non-XP terminal | | | | |

| | | | |( Not Reviewed |services clients are in use. | | | | |

|5. 06.01.04.07 | |- | |( Finding |( The value for “Secure Server (Require Security)” is not | |5.103 |The Terminal Server does not |II |

| | | | |( Not a Finding |set to “Enabled”. | | |require secure RPC communication. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.08 | |- | |( Finding |( The value for “Do Not Use Temp Folders per Session” is | |5.044 |A common temporary folder is used |II |

| | | | |( Not a Finding |not set to “Disabled”. | | |instead of a per-session temporary | |

|Reg. Editor | | | |( Not Applicable | | | |folder. | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.09 | |- | |( Finding |( The value for “Do Not Delete Temp Folder upon Exit” is | |5.045 |The temp folder is not deleted when|II |

| | | | |( Not a Finding |not set to “Disabled”. | | |the session terminates. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.10 | |- | |( Finding |( The value for “Set Time Limit for Disconnected Sessions” | |5.046 |The time limit for disconnected |II |

| | | | |( Not a Finding |is not set to “Enabled”, and the “End a disconnected | | |sessions is more than 1 minute. | |

|Reg. Editor | | | |( Not Applicable |session” is not set to “1” minute or less. | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.11 | |- | |( Finding |( The value for “Set Time Limit for Idle Sessions” is not | |5.047 |The time limit for idle session is |II |

| | | | |( Not a Finding |set to “Enabled”, and the “Idle session limit” is not set | | |more than 15 minutes. | |

|Reg. Editor | | | |( Not Applicable |15 minutes or less. | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.12 | |- | |( Finding |( The value for “Allow Reconnection from Original Client | |5.048 |Reconnections from clients other |II |

| | | | |( Not a Finding |Only” is not set to “Enabled”. | | |than the original are allowed. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.04.13 | |- | |( Finding |( The value for “Terminate Session When Time Limits are | |5.049 |Sessions are not terminated when |II |

| | | | |( Not a Finding |Reached” is not set to “Enabled”. | | |time limits are reached. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.05.01 | |- | |( Finding |( The value for “Always Install with Elevated Privileges” | |4.037 |Windows installer always installs |I |

| | | | |( Not a Finding |is not set to “Disabled”. | | |with elevated privileges. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.05.02 | |- | |( Finding |( The value for “Disable IE Security Prompt for Windows | |5.050 |Users are not prompted when a |III |

| | | | |( Not a Finding |Installer Scripts” is not set to “Disabled”. | | |program attempts to install through| |

|Reg. Editor | | | |( Not Applicable | | | |I.E. | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.05.03 | |- | |( Finding |( The value for “Enable User Control Over Installs” is not | |5.051 |Non-administrative users have |II |

| | | | |( Not a Finding |set to “Disabled”. | | |control over installation packages.| |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.05.04 | |- | |( Finding |( The value for “Enable User to Browse for Source While | |5.052 |The user may browse while executing|II |

| | | | |( Not a Finding |Elevated” is not set to “Disabled”. | | |an install with elevated | |

|Reg. Editor | | | |( Not Applicable | | | |privileges. | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.05.05 | |- | |( Finding |( The value for “Enable User to Use Media Source While | |5.053 |The user may use media while |II |

| | | | |( Not a Finding |Elevated” is not set to “Disabled”. | | |executing an install with elevated | |

|Reg. Editor | | | |( Not Applicable | | | |privileges. | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.05.06 | |- | |( Finding |( The value for “Enable User to Patch Elevated Products” is| |5.054 |The user may patch products that |II |

| | | | |( Not a Finding |not set to “Disabled”. | | |were installed with elevated | |

|Reg. Editor | | | |( Not Applicable | | | |privileges. | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.05.07 | |- | |( Finding |( The value for “Allow Admin to Install from Terminal | |5.055 |Software installation is allowed |II |

| | | | |( Not a Finding |Services Session” is not set to “Disabled”. | | |through Terminal Services sessions.| |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.05.08 | |- | |( Finding |( The value for “Cache Transforms in Secure Location on | |5.056 |Transforms are not cached in a |II |

| | | | |( Not a Finding |Workstation” is not set to “Enabled”. | | |secure location on the workstation.| |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.06.01 | |- | |( Finding |( The required registry value doesn’t exists. | |5.060 |Windows Media Player for Automatic |II |

| | | | |( Not a Finding | | | |Updates are not disabled. | |

|Reg. Editor | | | |( Not Applicable |( The registry value is not set to “1”. | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.06.01.07.01 | |- | |( Finding |( The value for “Do Not Allow Windows Messenger to be Run” | |5.017 |The user is allowed to launch |II |

| | | | |( Not a Finding |is not set to “Enabled”. | | |Windows Messenger (MSN Messenger, | |

|Reg. Editor | | | |( Not Applicable | | | |.NET Messenger). | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.07.02 | |- | |( Finding |( The value for “Do Not Automatically Start Windows | |5.018 |Windows Messenger (MSN Messenger, |II |

| | | | |( Not a Finding |Messenger Initially” is not set to “Enabled”. | | |.NET messenger) is run at system | |

|Reg. Editor | | | |( Not Applicable | | | |startup. | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.07.03 | |- | |( Finding |( Windows Messenger is installed and has not been | |5.105 |Windows Messenger has not been |II |

| | | | |( Not a Finding |configured to prevent access to the Internet | | |configured to prevent access to the| |

|Reg. Editor | | | |( Not Applicable | | | |Internet. | |

| | | | |( Not Reviewed | | | | | |

|5.06.01.08.01 | |- | |( Finding |( The value for “Always Wait for the Network at Computer | |3.067 |The computer does not wait for the |II |

| | | | |( Not a Finding |Startup and Logon” is not set to “Enabled”. | | |network at computer startup. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.09.01 | |- | |( Finding |( The value for “Turn Off Background Refresh of Group | |3.080 |Background refresh of group policy |II |

| | | | |( Not a Finding |Policy” is not set to “Disabled”. | | |is disabled. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.09.02 | |- | |( Finding |( The value for “Registry Policy Processing” is not set to | |3.112 |Group Policy objects are not |II |

| | | | |( Not a Finding |“Enabled”, | | |reprocessed if they have not | |

|Reg. Editor | | | |( Not Applicable |and | | |changed. | |

| | | | |( Not Reviewed |the option “Process even if the Group Policy objects have | | | | |

| | | | | |not changed” is not selected. | | | | |

|5. 06.01.10.01 | |- | |( Finding |( The value for “Solicited Remote Assistance” is not set to| |3.068 |Solicited Remote Assistance is |I |

| | | | |( Not a Finding |“Disabled”. | | |allowed. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.10.02 | |- | |( Finding |( The value for “Offer Remote Assistance” is not set to | |3.082 |Remote Assistance offers are |II |

| | | | |( Not a Finding |“Disabled”. | | |allowed. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.11.01 | |- | |( Finding |( The value for “Report Errors” is not set to “Disabled”. | |3.083 |Error Reporting is not disabled. |II |

| | | | |( Not a Finding | | | | | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.12.01 | |- | |( Finding |( The value for “Configure Windows NTP Client” is set to | |3.084 |The Windows time Service uses an |III |

| | | | |( Not a Finding |“Enabled” and the “NtpServer” field points to the Microsoft| | |unauthorized time server. | |

|Reg. Editor | | | |( Not Applicable |time server (e.g. time.). | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.13.01 | |- | |( Finding |( The value for “Prohibit Use of Internet Connection | |3.085 |Internet Connection Sharing is not |II |

| | | | |( Not a Finding |Sharing on your DNS Domain Network” is not set to | | |prohibited. | |

|Reg. Editor | | | |( Not Applicable |“Enabled”. | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.13.02 | |- | |( Finding |( The value for “Prohibit Installation and Configuration of| |3.086 |The system is not prohibited from |II |

| | | | |( Not a Finding |Network Bridge on your DNS Domain Network” is not set to | | |acting as a network bridge. | |

|Reg. Editor | | | |( Not Applicable |“Enabled”. | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.14.01 | |- | |( Finding |( The value for “Communities” is set to “Enabled”, and | |5.057 |Well known community names are used|II |

| | | | |( Not a Finding |well-known community names such as “Private” and “Public” | | |with the SNMP service. | |

|Reg. Editor | | | |( Not Applicable |are used. | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.14.02 | |- | |( Finding |( The value for “Permitted Managers” is set to “Enabled”, | |5.058 |A list of authorized SNMP managers |II |

| | | | |( Not a Finding |and a list of permitted managers is not used used. | | |is not configured. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.14.03 | |- | |( Finding |( The value for “Traps for Public Community” is set to | |5.059 |A list of authorized SNMP trap |II |

| | | | |( Not a Finding |“Enabled”, and the list of trap recipients contains | | |recipients is not configured. | |

|Reg. Editor | | | |( Not Applicable |unauthorized recipients. | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.15.01 | |- | |( Finding |( The value for “Disallow Installation of Printers Using | |3.087 |Installation of printers using |II |

| | | | |( Not a Finding |Kernel-mode Drivers” is not set to “Enabled”. | | |kernel mode drivers is allowed. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5. 06.01.16.01 | |- | |( Finding |( The value for “Prevent Codec Download” is not set to | |5.061 |Automatic Codec downloads for |II |

| | | | |( Not a Finding |“Enabled”. | | |Windows Media Player are not | |

|Reg. Editor | | | |( Not Applicable | | | |disabled. | |

| | | | |( Not Reviewed | | | | | |

|5.06.2 | |- | |( Finding |The prohibited registry value exists. | |3.002 |POSIX subsystem registry key |II |

| | | | |( Not a Finding |( Posix | | |exists. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

|Γ | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.06.3 | |- | |( Finding |( The following security related software patches have not | |2.019 |Critical software patches are not |II |

| | | | |( Not a Finding |been applied: | | |being applied. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.06.4 | |- | |( Finding |( The Recycle Bin has not been configured to delete files. | |3.051 |The Recycle Bin on a Server is not |III |

| | | | |( Not a Finding | | | |configured to delete files.. | |

|Reg. Editor | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.07.1.1 | |- | |( Finding |The following accounts on the local system do not require | |4.017 |Local user account does not require|I |

| | | | |( Not a Finding |passwords: | | |a password. | |

|Dump-Sec | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

|5.07.1.2 | |- | |( Finding |The following accounts on the local system have passwords | |4.018 |Local user account password does |II |

| | | | |( Not a Finding |that do not expire: | | |not expire. | |

|Dump-Sec | | | |( Not Applicable | | | | | |

|ι | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.07.1.3 | |- | |( Finding |The following dormant accounts exist on the local system: | |4.019 |Local user account is dormant. |III |

| | | | |( Not a Finding | | | | | |

|Dump-Sec | | | |( Not Applicable | | | | | |

|ι | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.07.1.4 | |- | |( Finding |A decoy Administrator account has not been created. | |4.023 |A decoy Administrator account does |III |

| | | | |( Not a Finding | | | |not exist. | |

|Dump-Sec | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.07.1.5 | |- | |( Finding |A user, who does not have administrator duties, is a member| |4.027 |A regular user has Administrator |II |

| | | | |( Not a Finding |of the Administrators group. | | |rights on the system. | |

|Dump-Sec | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.07.1.6 | |- | |( Finding |The decoy administrator account is still enabled. | |4.035 |The decoy administrator account has|IV |

| | | | |( Not a Finding | | | |not been disabled. | |

|Dump-Sec | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.07.1.7 | |- | |( Finding |The HelpAssistant or Support_388945a0 accounts have not | |4.048 |The HelpAssistant or |II |

| | | | |( Not a Finding |been disabled | | |Support_388945a0 accounts are not | |

|Dump-Sec | | | |( Not Applicable | | | |disabled. | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.08.1.1 | |- | |( Finding | | |5.004 |Installed FTP server is configured |II |

| | | | |( Not a Finding | | | |to allow prohibited logons. | |

|Cmd. Prompt | | | |( Not Applicable | | | | | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.08.1.2 | |- | |( Finding | | |5.005 |Installed FTP server is configured |I |

| | | | |( Not a Finding | | | |to allow access to the system | |

|Cmd. Prompt | | | |( Not Applicable | | | |drive. | |

| | | | |( Not Reviewed | | | | | |

| | | | | | | | | | |

|5.09.1.1.1 | |- | |( Finding |( IAVM 2003-A-0017 is not applied. | |6.021 |DOD-CERT IAVM Alert 2003-A-0017, |I |

|WinOS | | | |( Not a Finding | | | |Hotfix KB828035, Microsoft | |

| | | | |( Not Applicable | | | |Messenger Service Buffer Overrun | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.1.1.2 | |- | |( Finding |( IAVM 2004-A-0005 is not applied. | |6.025 |DOD-CERT Alert 2004-A-0005, Hotfix |I |

|WinOS | | | |( Not a Finding | | | |KB828741, Multiple Microsoft | |

| | | | |( Not Applicable | | | |Windows RPC/DCOM Vulnerabilities, | |

| | | | |( Not Reviewed | | | |has not been applied. | |

|5.09.1.1.3 | |- | |( Finding |( IAVM 2004-A-0006 is not applied. | |6.026 |DOD-CERT IAVM Alert 2004-A-0006, |I |

|WinOS | | | |( Not a Finding | | | |Hotfix KB835732, Vulnerabilities in| |

| | | | |( Not Applicable | | | |Multiple Microsoft Operating | |

| | | | |( Not Reviewed | | | |Systems, has not been applied. | |

|5.09.1.1.4 | |- | |( Finding |( IAVM 2004-A-0012 is not applied. | |6.028 |DOD-CERT IAVM Alert 2004-A-0012, |I |

|WinOS | | | |( Not a Finding | | | |Hotfix KB840315, Microsoft Windows | |

| | | | |( Not Applicable | | | |HTML Help Heap Overflow | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.1.1.5 | |- | |( Finding |( IAVM 2004-A-0017 is not applied. | |6.037 |DOD-CERT IAVM Alert 2004-A-0017, |I |

|WinOS | | | |( Not a Finding | | | |KB840987, Multiple Vulnerabilities | |

| | | | |( Not Applicable | | | |in Microsoft Windows Operating | |

| | | | |( Not Reviewed | | | |Systems, has not been applied. | |

|5.09.1.1.6 | |- | |( Finding |( IAVM 2004-A-0018 is not applied. | |6.043 |DOD-CERT IAVM Alert 2004-A-0018, |I |

|WinOS | | | |( Not a Finding | | | |KB883935, Microsoft Network News | |

| | | | |( Not Applicable | | | |Transfer Protocol (NNTP) Component | |

| | | | |( Not Reviewed | | | |Buffer Overflow Vulnerability, has | |

| | | | | | | | |not been applied. | |

|5.09.1.1.7 | |- | |( Finding |( IAVM 2004-A-0019 is not applied. | |6.044 |DOD-CERT IAVM Alert 2004-A-0019, |I |

|WinOS | | | |( Not a Finding | | | |KB841356, Microsoft Windows Shell | |

| | | | |( Not Applicable | | | |Long Share Name Buffer Overrun | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.1.1.8 | |- | |( Finding |( IAVM 2005-A-0001 is not applied. | |6.049 |DOD-CERT IAVM Alert 2005-A-0001, |I |

|WinOS | | | |( Not a Finding | | | |KB891711, Multiple Vulnerabilities | |

| | | | |( Not Applicable | | | |in Microsoft Windows, has not been | |

| | | | |( Not Reviewed | | | |applied. | |

|5.09.1.1.9 | |- | |( Finding |( IAVM 2005-A-0002 is not applied. | |6.053 |DOD-CERT IAVM Alert 2005-A-0002, |I |

|WinOS | | | |( Not a Finding | | | |KB890175, Vulnerability in HTML | |

| | | | |( Not Applicable | | | |Help Could Allow Code Execution, | |

| | | | |( Not Reviewed | | | |has not been applied. | |

|5.09.1.1.10 | |- | |( Finding |( IAVM 2005-A-0006 is not applied. | |6.055 |DOD-CERT IAVM Alert 2005-A-0006, |I |

|WinOS | | | |( Not a Finding | | | |KB890047 and KB867282, Multiple | |

| | | | |( Not Applicable | | | |Vulnerabilities in Microsoft | |

| | | | |( Not Reviewed | | | |Internet Explorer and Windows | |

| | | | | | | | |Operating Systems, has not been | |

| | | | | | | | |applied. | |

|5.09.1.1.11 | |- | |( Finding |( IAVM 2005-A-0007 is not applied. | |6.056 |DOD-CERT IAVM Alert 2005-A-0007, |I |

|WinOS | | | |( Not a Finding | | | |KB873333, Vulnerability in OLE and | |

| | | | |( Not Applicable | | | |COM Could Allow Remote Code | |

| | | | |( Not Reviewed | | | |Execution. | |

|5.09.1.2.1 | |- | |( Finding |( IAVM 2003-B-0004 is not applied. | |6.016 |DOD-CERT IAVM Bulletin 2003-B-0004,|II |

|WinOS | | | |( Not a Finding | | | |Hotfix 823559, Microsoft Internet | |

| | | | |( Not Applicable | | | |Explorer HTML Converter Buffer | |

| | | | |( Not Reviewed | | | |Overflow Vulnerability, has not | |

| | | | | | | | |been applied. | |

|5.09.1.2.2 | |- | |( Finding |( IAVM 2003-B-0006 is not applied. | |6.018 |DOD-CERT IAVM Bulletin 2003-B-0006,|II |

|WinOS | | | |( Not a Finding | | | |Hotfix KB823182, Microsoft | |

| | | | |( Not Applicable | | | |Authenticode Verification | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.1.2.3 | |- | |( Finding |( IAVM 2004-B-0002 is not applied. | |6.023 |DOD-CERT IAVM Bulletin, |II |

|WinOS | | | |( Not a Finding | | | |2004-B-0002, Multiple Vendor H.323 | |

| | | | |( Not Applicable | | | |Protocol Implementation | |

| | | | |( Not Reviewed | | | |Vulnerabilities, has not been | |

| | | | | | | | |applied. | |

|5.09.1.2.4 | |- | |( Finding |( IAVM 2004-B-0013 is not applied. | |6.039 |DOD-CERT IAVM Bulletin 2004-B-0013,|II |

|WinOS | | | |( Not a Finding | | | |KB885881, Microsoft SMTP Service | |

| | | | |( Not Applicable | | | |and Exchange Routing Engine Buffer | |

| | | | |( Not Reviewed | | | |Overflow, has not been applied. | |

|5.09.1.2.5 | |- | |( Finding |( IAVM 2004-B-0016 is not applied. | |6.046 |DOD-CERT IAVM Bulletin 2004-B-0016,|I |

|WinOS | | | |( Not a Finding | | | |KB870763, Vulnerability in WINS | |

| | | | |( Not Applicable | | | |Could Allow Remote Code Execution, | |

| | | | |( Not Reviewed | | | |has not been applied. | |

|5.09.1.2.6 | |- | |( Finding |( IAVM 2005-B-0004 is not applied. | |6.057 |DOD-CERT IAVM Bulletin 2005-B-0004,|II |

|WinOS | | | |( Not a Finding | | | |KB888113, Microsoft Windows | |

| | | | |( Not Applicable | | | |Hyperlink Object Library Buffer | |

| | | | |( Not Reviewed | | | |Overflow Vulnerability. | |

|5.09.1.3.1 | |- | |( Finding |( IAVM 2004-T-0031 is not applied. | |6.038 |DOD-CERT IAVM Technical Advisory |II |

|WinOS | | | |( Not a Finding | | | |2004-T-0031, KB873376, Microsoft | |

| | | | |( Not Applicable | | | |Windows Compressed (zipped) Folder | |

| | | | |( Not Reviewed | | | |Buffer Overflow Vulnerability, has | |

| | | | | | | | |not been applied. | |

|5.09.1.3.2 | |- | |( Finding |( IAVM 2004-T-0033 is not applied. | |6.035 |DOD-CERT IAVM Technical Advisory |III |

|WinOS | | | |( Not a Finding | | | |2004-T-0033, KB824151, Microsoft | |

| | | | |( Not Applicable | | | |IIS Server WebDAV XML Requests | |

| | | | |( Not Reviewed | | | |Denial of Service Vulnerability, | |

| | | | | | | | |has not been applied. | |

|5.09.1.3.3 | |- | |( Finding |( IAVM 2004-T-0035 is not applied. | |6.036 |DOD-CERT IAVM Technical Advisory |III |

|WinOS | | | |( Not a Finding | | | |2004-T-0035, KB841533, Microsoft | |

| | | | |( Not Applicable | | | |Windows NetDDE Remote Buffer | |

| | | | |( Not Reviewed | | | |Overflow Vulnerability, has not | |

| | | | | | | | |been applied. | |

|5.09.1.3.4 | |- | |( Finding |( IAVM 2004-T-0040 is not applied. | |6.048 |DOD-CERT IAVM Technical Advisory |III |

|WinOS | | | |( Not a Finding | | | |2004-T-0040, KB885835, | |

| | | | |( Not Applicable | | | |Vulnerabilities in Windows Kernel | |

| | | | |( Not Reviewed | | | |and LSASS Could Allow Elevation of | |

| | | | | | | | |Privilege, has not been applied. | |

|5.09.1.3.5 | |- | |( Finding |( IAVM 2005-T-0001 is not applied. | |6.054 |DOD-CERT IAVM Technical Advisory |II |

|WinOS | | | |( Not a Finding | | | |2005-T-0001, KB871250, Microsoft | |

| | | | |( Not Applicable | | | |Windows Indexing Service Buffer | |

| | | | |( Not Reviewed | | | |Overflow Vulnerability, has not | |

| | | | | | | | |been applied. | |

|5.09.1.3.6 | |- | |( Finding |( IAVM 2005-T-0003 is not applied. | |6.058 |DOD-CERT IAVM Technical Advisory |III |

|WinOS | | | |( Not a Finding | | | |2005-T-0003, KB885834, Microsoft | |

| | | | |( Not Applicable | | | |Windows License Logging Service | |

| | | | |( Not Reviewed | | | |Buffer Overflow Vulnerability. | |

|5.09.1.3.7 | |- | |( Finding |( IAVM 2005-T-0004 is not applied. | |6.059 |DOD-CERT IAVM Technical Advisory |III |

|WinOS | | | |( Not a Finding | | | |2005-T-0004, KB891781, Microsoft | |

| | | | |( Not Applicable | | | |DHTML Editing Component ActiveX | |

| | | | |( Not Reviewed | | | |Control Cross Domain Vulnerability.| |

|5.09.1.3.8 | |- | |( Finding |( IAVM 2005-T-0005v1 is not applied. | |6.061 |DOD-CERT IAVM Technical Advisory |III |

|WinOS | | | |( Not a Finding | | | |2005-T-0005, KB885250, Microsoft | |

| | | | |( Not Applicable | | | |Server Message Block (SMB) Remote | |

| | | | |( Not Reviewed | | | |Vulnerability. | |

|5.09.2.1.1 | |- | |( Finding |( IAVM 2001-A-0012 is not applied. | |7.000 |DOD-CERT IAVM Alert, 2001-A-0012, |I |

|Microsoft | | | |( Not a Finding | | | |Malformed Excel or PowerPoint | |

|Applications | | | |( Not Applicable | | | |Document can Bypass Macro Security,| |

| | | | |( Not Reviewed | | | |has not been applied. | |

|5.09.2.1.2 | |- | |( Finding |( IAVM 2003-A-0001 (V1) is not applied. | |7.023 |DOD-CERT IAVM Alert, |I |

|Microsoft | | | |( Not a Finding | | | |2003-A-0001(v1), Multiple | |

|Applications | | | |( Not Applicable | | | |Vulnerabilities with Nicrosoft SQL | |

| | | | |( Not Reviewed | | | |Server, has not been applied. | |

|5.09.2.1.3 | |- | |( Finding |( IAVM 2004-A-0015 (V1) is not applied. | |7.103 |DOD-CERT IAVM Alert, 2004-A-0015, |I |

|Microsoft | | | |( Not a Finding | | | |Microsoft GDI+ Library JPEG Segment| |

|Applications | | | |( Not Applicable | | | |Length Integer Underflow | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.2.2.1 | |- | |( Finding |( IAVM 2004-B-0001is not applied. | |7.078 |DOD-CERT IAVM Bulletin, |II |

|Microsoft | | | |( Not a Finding | | | |2004-B-0001, Hotfix Q832483, | |

|Applications | | | |( Not Applicable | | | |Microsoft MDAC Function Broadcast | |

| | | | |( Not Reviewed | | | |Response Buffer Overrun | |

| | | | | | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.2.2.2 | |- | |( Finding |( IAVM 2005-B-0005 is not applied. | |7.110 |DOD-CERT IAVM Bulletin 2005-B-0005,|II |

|Microsoft | | | |( Not a Finding | | | |KB887219, Microsoft URI | |

|Applications | | | |( Not Applicable | | | |Canonicalization Unauthorized Web | |

| | | | |( Not Reviewed | | | |Access Vulnerability. | |

|5.09.2.2.3 | |- | |( Finding |( IAVM 2005-B-0006 is not applied. | |7.111 |DOD-CERT IAVM Bulletin 2005-B-0006,|II |

|Microsoft | | | |( Not a Finding | | | |KB890261, Microsoft Vulnerability | |

|Applications | | | |( Not Applicable | | | |in PNG Processing Could Allow | |

| | | | |( Not Reviewed | | | |Remote Code Execution. | |

|5.09.2.3.1 | |- | |( Finding |( IAVM 1999-T-0016 is not applied. | |7.002 |DOD-CERT IAVM Technical Advisory, |III |

|Microsoft | | | |( Not a Finding | | | |1999-T-0016, Microsoft Excel | |

|Applications | | | |( Not Applicable | | | |Symbolic Link (SYLK) Vulnerability,| |

| | | | |( Not Reviewed | | | |has not been applied. | |

|5.09.2.3.2 | |- | |( Finding |( IAVM 2000-T-0007 is not applied. | |7.003 |DOD-CERT IAVM Technical Advisory, |III |

|Microsoft | | | |( Not a Finding | | | |2000-T-0007, Microsoft Office 2000 | |

|Applications | | | |( Not Applicable | | | |UA ActiveX Control, has not been | |

| | | | |( Not Reviewed | | | |applied. | |

|5.09.2.3.3 | |- | |( Finding |( IAVM 2000-T-0010/2000-T-0010.1 is not applied. | |7.004 |DOD-CERT IAVM Technical Advisory, |III |

|Microsoft | | | |( Not a Finding | | | |2000-T-0010/2000-T-0010.1, | |

|Applications | | | |( Not Applicable | | | |Microsoft “IE Script” and “Office | |

| | | | |( Not Reviewed | | | |2000 HTML Script”, has not been | |

| | | | | | | | |applied. | |

|5.09.2.3.4 | |- | |( Finding |( IAVM 2000-T-0012 is not applied. | |7.005 |DOD-CERT IAVM Technical Advisory, |III |

|Microsoft | | | |( Not a Finding | | | |2000-T-0012, Office 2000 HTML | |

|Applications | | | |( Not Applicable | | | |Object Tag, has not been applied. | |

| | | | |( Not Reviewed | | | | | |

|5.09.2.3.5 | |- | |( Finding |( IAVM 2000-T-0014 is not applied. | |7.006 |DOD-CERT IAVM Technical Advisory, |III |

|Microsoft | | | |( Not a Finding | | | |2000-T-0014, Excel Register.ID | |

|Applications | | | |( Not Applicable | | | |Function, has not been applied. | |

| | | | |( Not Reviewed | | | | | |

|5.09.2.3.7 | |- | |( Finding |( IAVM 2004-T-0015 is not applied. | |6.027 |DOD-CERT IAVM Technical Advisory |II |

|Microsoft | | | |( Not a Finding | | | |2004-T-0015, Hotfix KB840374, | |

|Applications | | | |( Not Applicable | | | |Microsoft Help Center HCP URI | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.2.3.8 | |- | |( Finding |( IAVM 2004-T-0023 is not applied. | |7.097 |DOD-CERT IAVM Technical Advisory |II |

|Microsoft | | | |( Not a Finding | | | |2004-T-0023, Microsoft Exchange | |

|Applications | | | |( Not Applicable | | | |Outlook Web Access Script Injection| |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.2.3.9 | |- | |( Finding |( IAVM 2004-T-0029 is not applied. | |7.104 |DOD-CERT IAVM Technical Advisory |II |

|Microsoft | | | |( Not a Finding | | | |2004-T-0029, Microsoft WordPerfect | |

|Applications | | | |( Not Applicable | | | |Converter Remote Buffer Overflow | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.2.3.10 | |- | |( Finding |( IAVM 2005-T-0006 is not applied. | |7.112 |DOD-CERT IAVM Technical Advisory |III |

|Microsoft | | | |( Not a Finding | | | |2005-T-0006, KB887981 and KB890829,| |

|Applications | | | |( Not Applicable | | | |Windows SharePoint Services and | |

| | | | |( Not Reviewed | | | |SharePoint Team Services Cross-Site| |

| | | | | | | | |Scripting and Spoofing | |

| | | | | | | | |Vulnerability. | |

|5.09.3.3.1 | |- | |( Finding |( IAVM 2003-T-0032 is not applied. | |7.105 |DOD IAVM Technical Advisory |I |

|WEB Servers | | | |( Not a Finding | | | |2004-T-0032, Multiple | |

| | | | |( Not Applicable | | | |Vulnerabilities in Apache, has not | |

| | | | |( Not Reviewed | | | |been applied. | |

|5.09.4.1.1 | |- | |( Finding |( IAVM 2004-A-0009 is not applied. | |7.084 |DOD-CERT IAVM Alert 2004-A-0009, |I |

|WEB Browsers | | | |( Not a Finding | | | |Microsoft Outlook Express MHTML | |

| | | | |( Not Applicable | | | |Forced File Execution | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.4.2.1 | |- | |( Finding |( IAVM 2000-B-0002 is not applied. | |7.009 |DOD-CERT IAVM Bulletin, |II |

|WEB Browsers | | | |( Not a Finding | | | |2000-B-0002, Netscape Navigator | |

| | | | |( Not Applicable | | | |Improperly Validates SSL Sessions, | |

| | | | |( Not Reviewed | | | |has not been applied. | |

|5.09.5.1.1 | |- | |( Finding |( IAVM 2003-A-0008 is not applied. | |7.014 |DOD-CERT IAVM Alert, 2003-A-0008, |I |

|Other Applications| | | |( Not a Finding | | | |Multiple Overflow Vulnerabilities | |

| | | | |( Not Applicable | | | |in Snort , has not been applied. | |

| | | | |( Not Reviewed | | | | | |

|5.09.5.1.2 | |- | |( Finding |( IAVM 2004-A-0004 is not applied. | |7.079 |DOD-CERT IAVM Alert, 2004-A-0004, |I |

|Other Applications| | | |( Not a Finding | | | |ISS Internet Security Systems ICQ | |

| | | | |( Not Applicable | | | |Parsing Buffer Overflow | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.5.1.3 | |- | |( Finding |( IAVM 2005-A-0004 is not applied. | |7.109 |DOD-CERT IAVM Alert 2005-A-0004, |I |

|Other Applications| | | |( Not a Finding | | | |Multiple Vulnerabilities in Oracle | |

| | | | |( Not Applicable | | | |Products, has not been applied. | |

| | | | |( Not Reviewed | | | | | |

|5.09.5.2.1 | |- | |( Finding |( IAVM 2004-B-0007 is not applied. | |7.089 |DOD-CERT IAVM Bulletin 2004-B-0007,|I |

|Other Applications| | | |( Not a Finding | | | |HP Web Jetadmin Multiple | |

| | | | |( Not Applicable | | | |Vulnerabilities, has not been | |

| | | | |( Not Reviewed | | | |applied. | |

|5.09.5.2.2 | |- | |( Finding |( IAVM 2004-B-0009 is not applied. | |7.092 |DOD-CERT IAVM Bulletin 2004-B-0009,|II |

|Other Applications| | | |( Not a Finding | | | |Oracle E-Business Suite Multiple | |

| | | | |( Not Applicable | | | |SQL Injection Vulnerability, has | |

| | | | |( Not Reviewed | | | |not been applied. | |

|5.09.5.2.3 | |- | |( Finding |( IAVM 2004-B-0012 is not applied. | |7.094 |DOD-CERT IAVM Bulletin 2004-B-0012,|II |

|Other Applications| | | |( Not a Finding | | | |Adobe Acrobat/Reader File Name | |

| | | | |( Not Applicable | | | |Handler Buffer Overflow | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.5.2.4 | |- | |( Finding |( IAVM 2004-B-0015 is not applied. | |7.107 |DOD-CERT IAVM Bulletin 2004-B-0015,|II |

|Other Applications| | | |( Not a Finding | | | |Sun Java Runtime Environment Java | |

| | | | |( Not Applicable | | | |Plug-in JavaScript Security | |

| | | | |( Not Reviewed | | | |Restriction Bypass Vulnerability, | |

| | | | | | | | |has not been applied. | |

|5.09.5.2.5 | |- | |( Finding |( IAVM 2005-B-0001 is not applied. | |7.108 |DOD-CERT IAVM Bulletin 2005-B-0001,|II |

|Other Applications| | | |( Not a Finding | | | |Veritas Backup Exec Agent Browser | |

| | | | |( Not Applicable | | | |Buffer Overflow Vulnerability, has | |

| | | | |( Not Reviewed | | | |not been applied. | |

|5.09.5.2.6 | |- | |( Finding |( IAVM 2005-B-0007 is not applied. | |7.113 |DOD-CERT IAVM Bulletin 2005-B-0007,|II |

|Other Applications| | | |( Not a Finding | | | |Symantec UPX Parsing Engine Remote | |

| | | | |( Not Applicable | | | |Heap Overflow Vulnerability, has | |

| | | | |( Not Reviewed | | | |not been applied. | |

|5.09.5.2.7 | |- | |( Finding |( IAVM 2005-B-0008 is not applied. | |7.114 |DOD-CERT IAVM Bulletin 2005-B-0008,|II |

|Other Applications| | | |( Not a Finding | | | |Trend Micro VSAPI ARJ Handling Heap| |

| | | | |( Not Applicable | | | |Overflow Vulnerability, has not | |

| | | | |( Not Reviewed | | | |been applied. | |

|5.09.5..3.1 | |- | |( Finding |( IAVM 2000-T-0015 is not applied. | |7.015 |DOD-CERT IAVM Technical Bulletin, |III |

|Other Applications| | | |( Not a Finding | | | |2000-T-0015, BMC Best/1 Version 6.3| |

| | | | |( Not Applicable | | | |Performance Management System | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.5.3.2 | |- | |( Finding |( IAVM 2001-T-0009 is not applied. | |7.016 |DOD-CERT IAVM Technical Bulletin, |III |

|Other Applications| | | |( Not a Finding | | | |2001-T-0009, Symantic Norton | |

| | | | |( Not Applicable | | | |Antivirus LiveUpdate Host | |

| | | | |( Not Reviewed | | | |Verification Vulnerability, has not| |

| | | | | | | | |been applied. | |

|5.09.5.3.3 | |- | |( Finding |( IAVM 2003-T-0006 is not applied. | |7.017 |DOD-CERT IAVM Technical Bulletin, |III |

|Other Applications| | | |( Not a Finding | | | |2003-T-0006, Vulnerabilities in | |

| | | | |( Not Applicable | | | |McAfee ePolicy Orchestrator Agents,| |

| | | | |( Not Reviewed | | | |has not been applied. | |

|5.09.5.3.4 | |- | |( Finding |( IAVM 2004-T-0007 is not applied. | |7.082 |DOD-CERT IAVM Technical Advisory |II |

|Other Applications| | | |( Not a Finding | | | |2004-T-0007, WinZip UUDeview MIME | |

| | | | |( Not Applicable | | | |Archive Buffer Overflow | |

| | | | |( Not Reviewed | | | |Vulnerability, has not been | |

| | | | | | | | |applied. | |

|5.09.5.3.5 | |- | |( Finding |( IAVM 2004-T-0010 is not applied. | |7.085 |DOD-CERT IAVM Technical Advisory |II |

|Other Applications| | | |( Not a Finding | | | |2004-T-0010, DameWare Mini Remote | |

| | | | |( Not Applicable | | | |Control Server Encryption | |

| | | | |( Not Reviewed | | | |Vulnerabilities, has not been | |

| | | | | | | | |applied. | |

|5.09.5.3.6 | |- | |( Finding |( IAVM 2004-T-0011 is not applied. | |7.086 |DOD-CERT IAVM Technical Advisory |I |

|Other Applications| | | |( Not a Finding | | | |2004-T-0011, Oracle Application | |

| | | | |( Not Applicable | | | |Server Web Cache HTTP Request | |

| | | | |( Not Reviewed | | | |Method Heap Overrun Vulnerability, | |

| | | | | | | | |has not been applied. | |

Each check is marked with one of: ( Finding ( Not a Finding ( Not Applicable ( Not Reviewed

| Check | Area | Mark | Status | Finding | PDI | PDI Description | Cat |
| 5.09.5.3.7 | Other Applications | - | | IAVM 2004-T-0012 is not applied. | 7.091 | DOD-CERT IAVM Technical Advisory 2004-T-0012, McAfee ePolicy Orchestrator Vulnerability, has not been applied. | II |
| 5.09.5.3.8 | Other Applications | - | | IAVM 2004-T-0013 is not applied. | 7.087 | DOD-CERT IAVM Technical Advisory 2004-T-0013, Symantec Multiple Firewall TCP Options Denial of Service, has not been applied. | III |
| 5.09.5.3.9 | Other Applications | - | | IAVM 2004-T-0022 is not applied. | 7.096 | DOD-CERT IAVM Technical Advisory 2004-T-0022, Check Point VPN-1 ASN.1 Buffer Overflow Vulnerability, has not been applied. | II |
| 5.09.5.3.10 | Other Applications | - | | IAVM 2004-T-0026 is not applied. | 7.099 | DOD-CERT IAVM Technical Advisory 2004-T-0026, Mozilla Network Security Services Library Remote Heap Overflow Vulnerability, has not been applied. | II |
| 5.09.5.3.11 | Other Applications | - | | IAVM 2005-T-0007 is not applied. | 7.115 | DOD-CERT IAVM Technical Advisory 2005-T-0007, Multiple Vulnerabilities in Computer Associates Products, has not been applied. | III |
| 5.10.1.1 | Add/Remove Windows Components | - | | The Print Services for Unix application is installed. | 5.026 | Print Services for UNIX are installed on the system. | II |
| 5.10.1.2 | Add/Remove Windows Components | - | | The common runtime host of the .NET Framework application is installed. | 5.069 | The .NET Framework is installed. | II |
| 5.11.1 | | - | | The MQSeries log is not configured to preserve events. | 8.005 | The MQ Series log has been configured to overwrite events. | II |
| 5.11.2 | | - | | The MQSeries Queue Manager logs are not configured to preserve events. | 8.006 | The Queue Manager log has been configured to overwrite events. | II |
| 5.11.3 | | - | | A MCAUSER attribute contains a blank value. | 8.008 | The “MCAUSER” attribute of a server connection channel has a blank value. | I |
| 5.11.4 | | - | | The MQM group does not exist. | 8.001 | The MQM group does not exist. | II |
| 5.11.5 | | - | | Membership in the MQM group is not restricted. | 8.002 | Membership in the MQM group is not restricted to those accounts or groups needing elevated access to MQ Series. | II |
| 5.11.6 | | - | | Configuration files from older MQSeries releases exist. | 8.007 | Versions of the older MQ.ini and QM.ini files exist on the system. | III |
| 5.11.7 | | - | | ACLs for MQSeries directories and files do not meet DISA standards. | 8.003 | ACLs for MQ Series directories and files do not conform to minimum standards. | II |
| 5.11.8 | | - | | MQSeries services are running under the local system account. | 8.004 | MQ Series services are running under the local system account. | II |
| 5.12.1 | | - | | ORACLE Registry key permissions do not meet DISA requirements. | DO3777 | Registry Permissions | II |
| 5.12.2 | | - | | ORACLE File and Directory ownership does not meet DISA requirements. | DO3616 | Oracle File Owner | II |
| 5.12.3 | | - | | ORACLE File and Directory permissions do not meet DISA requirements. | DO3613 | Oracle File Permissions | II |
| 5.12.4 | | - | | File permissions on the ORACLE file strtSID.cmd do not meet DISA standards (version 8 only). | DO3845 | File Permissions – strtSID.cmd | II |
| 5.12.5 | | - | | File permissions on the ORACLE listener.ora file do not meet DISA requirements. | DO3623 | File Permissions – Listener.ora | I |
| 5.12.6 | | - | | File permissions on the ORACLE SNMP files do not meet DISA requirements. | DO3842 | File Permissions – SNMP file | I |
| 5.12.7 | | - | | File permissions on the ORACLE password file do not meet DISA requirements. | DO3621 | File Permissions – SYSDBA password file | II |
| 5.12.8 | | - | | The ORACLE listener password is stored in plain text in the listener.ora file. | DO3471 | Listener Clear Text Password | I |
| 5.13.1 | | - | | A separate account has not been created for using the WebSphere Administrative Console. | 8.011 | WebSphere – A separate security account has not been created for using the WebSphere Administrative Console. | II |
| 5.13.2 | | - | | WebSphere has not been configured to use Windows authentication. | 8.012 | WebSphere is not configured to use Windows authentication. | II |
| 5.13.3 | | - | | Critical WebSphere folders and files have not been protected from unauthorized access. | 8.013 | WebSphere – Sensitive files and directories are not protected. | II |
| 5.14.1 | (Domain Controllers) | - | | ACL settings for Group Policy objects do not meet minimum standards. | 2.013 | ACLs for Group Policy objects do not conform to minimum standards. | I |
| 5.14.2 | (Domain Controllers) | - | | Audit settings for Group Policy objects do not meet minimum standards. | 2.021 | Auditing for Group Policy objects does not conform to DOD standards. | II |
| 5.15.1 | (Domain Controllers) | - | | There are accounts on the system that have weak passwords. | 4.034 | Accounts on the system contain weak passwords. | II |

| 14 | Administrative Vulnerabilities Reviewed |
| 255 | Technical Vulnerabilities Reviewed |
| 269 | Total Vulnerabilities Reviewed |

| Severity | W2K3 | VAAP | Total |
| Category I | 49 | 0 | 49 |
| Category II | 167 | 0 | 167 |
| Category III | 49 | 0 | 49 |
| Category IV | 5 | 0 | 5 |
