Microsoft Windows Server 2016 STIG

Microsoft Windows Server 2016 Security Technical Implementation Guide

ID Vuln ID Title Cat Status
WN16-DC-000030 V-224966 The Kerberos service ticket maximum lifetime must be limited to 600 minutes or less. Cat II
WN16-CC-000510 V-224959 The Windows Remote Management (WinRM) client must not allow unencrypted traffic. Cat II
WN16-AU-000230 V-224890 Windows Server 2016 must be configured to audit Logon/Logoff - Account Lockout failures. Cat II
WN16-00-000040 V-224821 Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Cat I
WN16-CC-000250 V-224932 AutoPlay must be turned off for non-volume devices. Cat I
WN16-MS-000050 V-225011 Caching of logon credentials must be limited. Cat II
WN16-DC-000120 V-224975 Data files owned by users must be on a different logical partition from the directory server data files. Cat II
WN16-AU-000285 V-224896 Windows 2016 must be configured to audit Object Access - Other Object Access Events successes. Cat II
WN16-CC-000430 V-224951 Basic authentication for RSS feeds over HTTP must not be used. Cat II
WN16-00-000230 V-224839 Passwords must be configured to expire. Cat II
WN16-00-000400 V-224855 The TFTP Client must not be installed. Cat II
WN16-CC-000330 V-224940 Windows Server 2016 Windows SmartScreen must be enabled. Cat II
WN16-00-000070 V-224824 Manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization. Cat II
WN16-UR-000270 V-225087 The Modify firmware environment values user right must only be assigned to the Administrators group. Cat II
WN16-AU-000040 V-224878 Permissions for the Security event log must prevent access by non-privileged accounts. Cat II

Print

Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Print

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.
Changes