Check: WN16-SO-000160
Microsoft Windows Server 2016 STIG: WN16-SO-000160 (in versions v2 r9 through v1 r1)
Title
The Windows dialog box title for the legal banner must be configured with the appropriate text. (Cat III impact)
Discussion
Failure to display the logon banner prior to a logon attempt will negate legal proceedings resulting from unauthorized access to system resources.

Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088
Check Content
If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
Value Name: LegalNoticeCaption
Value Type: REG_SZ
Value: See message title options below

"DoD Notice and Consent Banner", "US Department of Defense Warning Statement", or an organization-defined equivalent.

If an organization-defined title is used, it can in no case contravene or modify the language of the banner text required in WN16-SO-000150.

Automated tools may only search for the titles defined above. If an organization-defined title is used, a manual review will be required.
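One way to automate this check locally in PowerShell, as an added example that is not part of the STIG. The function name `Test-LegalNoticeCaption` and the status labels (`Finding`, `NotAFinding`, `ManualReview`) are assumptions made for illustration.

```powershell
# Added example: evaluates WN16-SO-000160 on the local machine.
# Function name, parameter names and status labels are hypothetical, not STIG-defined.
function Test-LegalNoticeCaption {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
        [string]$Name = 'LegalNoticeCaption'
    )

    # The two titles the check content says automated tools may search for.
    $accepted = @(
        'DoD Notice and Consent Banner',
        'US Department of Defense Warning Statement'
    )

    $result = [ordered]@{ Check = 'WN16-SO-000160'; Status = $null; Value = $null; Detail = $null }

    # A missing key or a missing value is a finding.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $Name) {
        $result.Status = 'Finding'
        $result.Detail = 'Registry value does not exist.'
        return [pscustomobject]$result
    }

    $kind  = $key.GetValueKind($Name)   # RegistryValueKind 'String' corresponds to REG_SZ
    $value = $key.GetValue($Name)
    $result.Value = $value

    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
        $result.Status = 'Finding'
        $result.Detail = "Value type is $kind, expected REG_SZ."
    }
    elseif ([string]::IsNullOrWhiteSpace($value)) {
        $result.Status = 'Finding'
        $result.Detail = 'Title is empty.'
    }
    elseif ($accepted -ccontains $value.Trim()) {
        # Exact, case-sensitive match against the listed titles.
        $result.Status = 'NotAFinding'
        $result.Detail = 'Matches a title listed in the check.'
    }
    else {
        # Anything else is treated as organization-defined and cannot be judged automatically.
        $result.Status = 'ManualReview'
        $result.Detail = 'Organization-defined title; review against the WN16-SO-000150 banner text.'
    }
    [pscustomobject]$result
}

Test-LegalNoticeCaption
```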
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Interactive Logon: Message title for users attempting to log on" to "DoD Notice and Consent Banner", "US Department of Defense Warning Statement", or an organization-defined equivalent. If an organization-defined title is used, it can in no case contravene or modify the language of the message text required in WN16-SO-000150.
Additional Identifiers
Rule ID: SV-225037r958390_rule
Vulnerability ID: V-225037
Group Title: SRG-OS-000023-GPOS-00006
CCIs
Number | Definition |
---|---|
CCI-000048 | Display an organization-defined system use notification message or banner to users before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidelines. |
CCI-001384 | For publicly accessible systems, display system use information with organization-defined conditions before granting further access to the publicly accessible system. |
CCI-001385 | For publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities. |
CCI-001386 | For publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities. |
CCI-001387 | For publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities. |
CCI-001388 | For publicly accessible systems, includes a description of the authorized uses of the system. |
Controls
Number | Title |
---|---|
AC-8 | System Use Notification |