Microsoft Windows Server 2016 STIG

Microsoft Windows Server 2016 Security Technical Implementation Guide

ID Vuln ID Title Cat Status
WN16-DC-000030 V-224966 The Kerberos service ticket maximum lifetime must be limited to 600 minutes or less. Cat II
WN16-CC-000510 V-224959 The Windows Remote Management (WinRM) client must not allow unencrypted traffic. Cat II
WN16-AU-000230 V-224890 Windows Server 2016 must be configured to audit Logon/Logoff - Account Lockout failures. Cat II
WN16-00-000040 V-224821 Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Cat I
WN16-CC-000250 V-224932 AutoPlay must be turned off for non-volume devices. Cat I
WN16-MS-000050 V-225011 Caching of logon credentials must be limited. Cat II
WN16-DC-000120 V-224975 Data files owned by users must be on a different logical partition from the directory server data files. Cat II
WN16-AU-000285 V-224896 Windows 2016 must be configured to audit Object Access - Other Object Access Events successes. Cat II
WN16-CC-000430 V-224951 Basic authentication for RSS feeds over HTTP must not be used. Cat II
WN16-00-000230 V-224839 Passwords must be configured to expire. Cat II
WN16-00-000400 V-224855 The TFTP Client must not be installed. Cat II
WN16-CC-000330 V-224940 Windows Server 2016 Windows SmartScreen must be enabled. Cat II
WN16-00-000070 V-224824 Manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization. Cat II
WN16-UR-000270 V-225087 The Modify firmware environment values user right must only be assigned to the Administrators group. Cat II
WN16-AU-000040 V-224878 Permissions for the Security event log must prevent access by non-privileged accounts. Cat II


Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.