SRG-OS-000095-GPOS-00049 Controls

STIG IDVersionTitleProduct
ALMA-09-028510V1R2AlmaLinux OS 9 must disable remote management of the chrony daemon.
ALMA-09-028620V1R2AlmaLinux OS 9 must prevent the chrony daemon from acting as a server.
ALMA-09-028730V1R2AlmaLinux OS 9 must not have the iprutils package installed.
ALMA-09-028840V1R2AlmaLinux OS 9 must not have the quagga package installed.
ALMA-09-028950V1R2AlmaLinux OS 9 must not have the sendmail package installed.
ALMA-09-029060V1R2AlmaLinux OS 9 must not have the telnet-server package installed.
ALMA-09-029170V1R2AlmaLinux OS 9 must not have a Trivial File Transfer Protocol (TFTP) client package installed.
ALMA-09-029390V1R2AlmaLinux OS 9 must not have the cups package installed.
ALMA-09-029500V1R2AlmaLinux OS 9 must not have the gssproxy package installed.
ALMA-09-029610V1R2AlmaLinux OS 9 must disable the Asynchronous Transfer Mode (ATM) kernel module.
ALMA-09-029720V1R2AlmaLinux OS 9 must be configured to disable Bluetooth.
ALMA-09-029830V1R2AlmaLinux OS 9 must disable the Controller Area Network (CAN) kernel module.
ALMA-09-029940V1R2AlmaLinux OS 9 must disable mounting of cramfs.
ALMA-09-030050V1R2AlmaLinux OS 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
ALMA-09-030160V1R2AlmaLinux OS 9 must disable mounting of squashfs.
ALMA-09-030270V1R2AlmaLinux OS 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
ALMA-09-030380V1R2AlmaLinux OS 9 must disable mounting of udf.
ALMA-09-030490V1R2Cameras must be disabled or covered when not in use.
ALMA-09-030600V1R2AlmaLinux OS 9 must not have the nfs-utils package installed.
ALMA-09-030710V1R2AlmaLinux OS 9 must not have the rsh package installed.
ALMA-09-030820V1R2AlmaLinux OS 9 must not have the rsh-server package installed.
ALMA-09-030930V1R2AlmaLinux OS 9 must not have the tuned package installed.
ALMA-09-031040V1R2A graphical display manager must not be installed on AlmaLinux OS 9 unless approved.
ALMA-09-031150V1R2AlmaLinux OS 9 must not have the ypserv package installed.
ALMA-09-031260V1R2AlmaLinux OS 9 must not have the avahi package installed.
ALMA-09-031370V1R2AlmaLinux OS 9 must be configured to disable USB mass storage.
APPL-14-002004V2R3The macOS system must disable Location Services.
APPL-14-002005V2R3The macOS system must disable Bonjour multicast.
APPL-14-002007V2R3The macOS system must disable Internet Sharing.
APPL-14-002010V2R3The macOS system must disable FaceTime.app.
APPL-14-002012V2R3The macOS system must disable the iCloud Calendar services.
APPL-14-002013V2R3The macOS system must disable iCloud Reminders.
APPL-14-002014V2R3The macOS system must disable iCloud Address Book.
APPL-14-002015V2R3The macOS system must disable iCloud Mail.
APPL-14-002016V2R3The macOS system must disable iCloud Notes.
APPL-14-002017V2R3The macOS system must disable the camera.
APPL-14-002020V2R3The macOS system must disable Siri.
APPL-14-002035V2R3The macOS system must disable Apple ID setup during Setup Assistant.
APPL-14-002036V2R3The macOS system must disable Privacy Setup services during Setup Assistant.
APPL-14-002037V2R3The macOS system must disable iCloud Storage Setup during Setup Assistant.
APPL-14-002039V2R3The macOS system must disable Siri Setup during Setup Assistant.
APPL-14-002040V2R3The macOS system must disable iCloud Keychain synchronization.
APPL-14-002041V2R3The macOS system must disable iCloud Document synchronization.
APPL-14-002042V2R3The macOS system must disable iCloud Bookmarks.
APPL-14-002043V2R3The macOS system must disable iCloud Photo Library.
APPL-14-002051V2R3The macOS system must disable the TouchID System Settings pane.
APPL-14-002052V2R3The macOS system must disable the System Settings pane for Wallet and Apple Pay.
APPL-14-002053V2R3The macOS system must disable the system settings pane for Siri.
APPL-14-002080V2R3The macOS system must disable Airplay Receiver.
APPL-14-002120V2R3The macOS system must disable AppleID and Internet Account modifications.
APPL-14-002130V2R3The macOS system must disable CD/DVD Sharing.
APPL-14-002140V2R3The macOS system must disable content caching service.
APPL-14-002150V2R3The macOS system must disable iCloud desktop and document folder synchronization.
APPL-14-002160V2R3The macOS system must disable iCloud Game Center.
APPL-14-002170V2R3The macOS system must disable iCloud Private Relay.
APPL-14-002180V2R3The macOS system must disable Find My service.
APPL-14-002190V2R3The macOS system must disable password autofill.
APPL-14-002200V2R3The macOS system must disable personalized advertising.
APPL-14-002210V2R3The macOS system must disable sending Siri and Dictation information to Apple.
APPL-14-002220V2R3The macOS system must enforce on device dictation.
APPL-14-002230V2R3The macOS system must disable dictation.
APPL-14-002240V2R3The macOS system must disable Printer Sharing.
APPL-14-002250V2R3The macOS system must disable Remote Management.
APPL-14-002260V2R3The macOS system must disable the Bluetooth system settings pane.
APPL-14-002270V2R3The macOS system must disable the iCloud Freeform services.
APPL-14-005054V2R3The macOS system must disable TouchID prompt during Setup Assistant.
APPL-14-005055V2R3The macOS system must disable Screen Time prompt during Setup Assistant.
APPL-14-005056V2R3The macOS system must disable Unlock with Apple Watch during Setup Assistant.
APPL-14-005060V2R3The macOS system must disable proximity-based password sharing requests.
APPL-14-005061V2R3The macOS system must disable Erase Content and Settings.
APPL-15-002004V1R3The macOS system must disable Location Services.
APPL-15-002005V1R3The macOS system must disable Bonjour multicast.
APPL-15-002007V1R3The macOS system must disable Internet Sharing.
APPL-15-002010V1R3The macOS system must disable FaceTime.app.
APPL-15-002012V1R3The macOS system must disable the iCloud Calendar services.
APPL-15-002013V1R3The macOS system must disable iCloud Reminders.
APPL-15-002014V1R3The macOS system must disable iCloud Address Book.
APPL-15-002015V1R3The macOS system must disable iCloud Mail.
APPL-15-002016V1R3The macOS system must disable iCloud Notes.
APPL-15-002017V1R3The macOS system must disable the camera.
APPL-15-002020V1R3The macOS system must disable Siri.
APPL-15-002035V1R3The macOS system must disable Apple ID setup during Setup Assistant.
APPL-15-002036V1R3The macOS system must disable Privacy Setup services during Setup Assistant.
APPL-15-002037V1R3The macOS system must disable iCloud storage setup during Setup Assistant.
APPL-15-002039V1R3The macOS system must disable Siri Setup during Setup Assistant.
APPL-15-002040V1R3The macOS system must disable iCloud Keychain Sync.
APPL-15-002041V1R3The macOS system must disable iCloud Document Sync.
APPL-15-002042V1R3The macOS system must disable iCloud Bookmarks.
APPL-15-002043V1R3The macOS system must disable iCloud Photo Library.
APPL-15-002052V1R3The macOS system must disable the System Settings pane for Wallet and Apple Pay.
APPL-15-002053V1R3The macOS system must disable the system settings pane for Siri.
APPL-15-002080V1R3The macOS system must disable Airplay Receiver.
APPL-15-002120V1R3The macOS system must disable AppleID and internet Account Modification.
APPL-15-002130V1R3The macOS system must disable CD/DVD Sharing.
APPL-15-002140V1R3The macOS system must disable Content Caching service.
APPL-15-002150V1R3The macOS system must disable iCloud Desktop and Document folder sync.
APPL-15-002160V1R3The macOS system must disable iCloud Game Center.
APPL-15-002170V1R3The macOS system must disable iCloud Private Relay.
APPL-15-002180V1R3The macOS system must disable Find My service.
APPL-15-002200V1R3The macOS system must disable Personalized Advertising.
APPL-15-002210V1R3The macOS system must disable sending Siri and Dictation information to Apple.
APPL-15-002220V1R3The macOS system must enforce On Device Dictation.
APPL-15-002230V1R3The macOS system must disable Dictation.
APPL-15-002240V1R3The macOS system must disable Printer Sharing.
APPL-15-002250V1R3The macOS system must disable Remote Management.
APPL-15-002260V1R3The macOS system must disable the Bluetooth System Settings pane.
APPL-15-002270V1R3The macOS system must disable the iCloud Freeform services.
APPL-15-005054V1R3The macOS system must disable the TouchID prompt during Setup Assistant.
APPL-15-005055V1R3The macOS system must disable the Screen Time prompt during Setup Assistant.
APPL-15-005056V1R3The macOS system must disable Unlock with Apple Watch during Setup Assistant.
APPL-15-005060V1R3The macOS system must disable proximity-based password sharing requests.
APPL-15-005061V1R3The macOS system must disable Erase Content and Settings.
APPL-15-005140V1R3The macOS system must disable Genmoji.
APPL-15-005150V1R3The macOS system must disable Apple Intelligence Image Generation.
APPL-15-005160V1R3The macOS system must disable Apple Intelligence Writing Tools.
APPL-15-002023V1R3The macOS system must disable sending audio recordings and transcripts to Apple.
APPL-15-002024V1R3The macOS system must disable sending search data from Spotlight to Apple.
OL07-00-020000V3R2The Oracle Linux operating system must not have the rsh-server package installed.
OL07-00-020010V3R2The Oracle Linux operating system must not have the ypserv package installed.
OL07-00-021710V3R2The Oracle Linux operating system must not have the telnet-server package installed.
OL08-00-030741V2R4OL 8 must disable the chrony daemon from acting as a server.
OL08-00-030742V2R4OL 8 must disable network management of the chrony daemon.
OL08-00-040000V2R4OL 8 must not have the telnet-server package installed.
OL08-00-040001V2R4OL 8 must not have any automated bug reporting tools installed.
OL08-00-040002V2R4OL 8 must not have the sendmail package installed.
OL08-00-040004V2R4OL 8 must enable mitigations against processor-based vulnerabilities.
OL08-00-040010V2R4OL 8 must not have the rsh-server package installed.
OL08-00-040020V2R4OL 8 must cover or disable the built-in or attached camera when not in use.
OL08-00-040024V2R4OL 8 must disable the transparent inter-process communication (TIPC) protocol.
OL08-00-040025V2R4OL 8 must disable mounting of cramfs.
OL08-00-040026V2R4OL 8 must disable IEEE 1394 (FireWire) Support.
OL09-00-000040V1R1OL 9 must be configured to disable the Asynchronous Transfer Mode (ATM) kernel module.
OL09-00-000041V1R1OL 9 must be configured to disable the Controller Area Network (CAN) kernel module.
OL09-00-000042V1R1OL 9 must be configured to disable the FireWire kernel module.
OL09-00-000043V1R1OL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
OL09-00-000044V1R1OL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
OL09-00-000045V1R1OL 9 must disable mounting of cramfs.
OL09-00-000046V1R1OL 9 Bluetooth must be disabled.
OL09-00-000100V1R1OL 9 must not have the nfs-utils package installed.
OL09-00-000105V1R1OL 9 must not have the rsh-server package installed.
OL09-00-000110V1R1OL 9 must not have the telnet-server package installed.
OL09-00-000115V1R1OL 9 must not have the gssproxy package installed.
OL09-00-000120V1R1OL 9 must not have the iprutils package installed.
OL09-00-000125V1R1OL 9 must not have the tuned package installed.
OL09-00-000150V1R1OL 9 must not have the sendmail package installed.
RHEL-07-020000V3R9The Red Hat Enterprise Linux operating system must not have the rsh-server package installed.
RHEL-07-020010V3R9The Red Hat Enterprise Linux operating system must not have the ypserv package installed.
RHEL-07-021710V3R9The Red Hat Enterprise Linux operating system must not have the telnet-server package installed.
RHEL-08-030741V2R3RHEL 8 must disable the chrony daemon from acting as a server.
RHEL-08-030742V2R3RHEL 8 must disable network management of the chrony daemon.
RHEL-08-040000V2R3RHEL 8 must not have the telnet-server package installed.
RHEL-08-040001V2R3RHEL 8 must not have any automated bug reporting tools installed.
RHEL-08-040002V2R3RHEL 8 must not have the sendmail package installed.
RHEL-08-040004V2R3RHEL 8 must enable mitigations against processor-based vulnerabilities.
RHEL-08-040010V2R3RHEL 8 must not have the rsh-server package installed.
RHEL-08-040020V2R3RHEL 8 must cover or disable the built-in or attached camera when not in use.
RHEL-08-040021V2R3RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.
RHEL-08-040022V2R3RHEL 8 must disable the controller area network (CAN) protocol.
RHEL-08-040023V2R3RHEL 8 must disable the stream control transmission protocol (SCTP).
RHEL-08-040024V2R3RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.
RHEL-08-040025V2R3RHEL 8 must disable mounting of cramfs.
RHEL-08-040026V2R3RHEL 8 must disable IEEE 1394 (FireWire) Support.
RHEL-09-213045V2R4RHEL 9 must be configured to disable the Asynchronous Transfer Mode kernel module.
RHEL-09-213050V2R4RHEL 9 must be configured to disable the Controller Area Network kernel module.
RHEL-09-213055V2R4RHEL 9 must be configured to disable the FireWire kernel module.
RHEL-09-213060V2R4RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
RHEL-09-213065V2R4RHEL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
RHEL-09-215025V2R4RHEL 9 must not have the nfs-utils package installed.
RHEL-09-215030V2R4RHEL 9 must not have the ypserv package installed.
RHEL-09-215035V2R4RHEL 9 must not have the rsh-server package installed.
RHEL-09-215040V2R4RHEL 9 must not have the telnet-server package installed.
RHEL-09-215045V2R4RHEL 9 must not have the gssproxy package installed.
RHEL-09-215050V2R4RHEL 9 must not have the iprutils package installed.
RHEL-09-215055V2R4RHEL 9 must not have the tuned package installed.
RHEL-09-231195V2R4RHEL 9 must disable mounting of cramfs.
RHEL-09-291035V2R4RHEL 9 Bluetooth must be disabled.
UBTU-18-010018V2R15The Ubuntu operating system must not have the Network Information Service (NIS) package installed.
UBTU-18-010019V2R15The Ubuntu operating system must not have the rsh-server package installed.
UBTU-20-010406V2R1The Ubuntu operating system must not have the rsh-server package installed.
UBTU-22-215030V2R4Ubuntu 22.04 LTS must not have the "rsh-server" package installed.
UBTU-24-100040V1R1Ubuntu 24.04 LTS must not have the rsh-server package installed.
WN10-00-000080V3R4Only authorized user accounts must be allowed to create or run virtual machines on Windows 10 systems.
WN10-00-000100V3R4Internet Information System (IIS) or its subcomponents must not be installed on a workstation.
WN10-00-000110V3R4Simple TCP/IP Services must not be installed on the system.
WN10-00-000155V3R4The Windows PowerShell 2.0 feature must be disabled on the system.
WN10-00-000160V3R4The Server Message Block (SMB) v1 protocol must be disabled on the system.
WN10-00-000165V3R4The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.
WN10-00-000170V3R4The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.
WN10-00-000175V3R4The Secondary Logon service must be disabled on Windows 10.
WN10-00-000210V3R4Bluetooth must be turned off unless approved by the organization.
WN10-00-000220V3R4Bluetooth must be turned off when not in use.
WN10-CC-000005V3R4Camera access from the lock screen must be disabled.
WN10-CC-000007V3R4Windows 10 must cover or disable the built-in or attached camera when not in use.
WN10-CC-000010V3R4The display of slide shows on the lock screen must be disabled.
WN10-CC-000038V3R4WDigest Authentication must be disabled.
WN10-CC-000039V3R4Run as different user must be removed from context menus.
WN10-CC-000044V3R4Internet connection sharing must be disabled.
WN10-CC-000100V3R4Downloading print driver packages over HTTP must be prevented.
WN10-CC-000105V3R4Web publishing and online ordering wizards must be prevented from downloading a list of providers.
WN10-CC-000110V3R4Printing over HTTP must be prevented.
WN10-CC-000120V3R4The network selection user interface (UI) must not be displayed on the logon screen.
WN10-CC-000130V3R4Local users on domain-joined computers must not be enumerated.
WN10-CC-000175V3R4The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN10-CC-000197V3R4Microsoft consumer experiences must be turned off.
WN10-CC-000210V3R4The Windows Defender SmartScreen for Explorer must be enabled.
WN10-CC-000252V3R4Windows 10 must be configured to disable Windows Game Recording and Broadcasting.
WN10-CC-000300V3R4Basic authentication for RSS feeds over HTTP must not be used.
WN10-CC-000305V3R4Indexing of encrypted files must be turned off.
WN10-CC-000370V3R4The convenience PIN for Windows 10 must be disabled.
WN10-CC-000385V3R4Windows Ink Workspace must be configured to disallow access above the lock.
WN10-CC-000390V3R4Windows 10 should be configured to prevent users from receiving suggestions for third-party or additional applications.
WN10-UC-000015V3R4Toast notifications to the lock screen must be turned off.
WN11-00-000100V2R3Internet Information System (IIS) or its subcomponents must not be installed on a workstation.
WN11-00-000110V2R3Simple TCP/IP Services must not be installed on the system.
WN11-00-000155V2R3The Windows PowerShell 2.0 feature must be disabled on the system.
WN11-00-000160V2R3The Server Message Block (SMB) v1 protocol must be disabled on the system.
WN11-00-000165V2R3The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.
WN11-00-000170V2R3The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.
WN11-00-000175V2R3The Secondary Logon service must be disabled on Windows 11.
WN11-00-000210V2R3Bluetooth must be turned off unless approved by the organization.
WN11-00-000220V2R3Bluetooth must be turned off when not in use.
WN11-CC-000005V2R3Camera access from the lock screen must be disabled.
WN11-CC-000007V2R3Windows 11 must cover or disable the built-in or attached camera when not in use.
WN11-CC-000010V2R3The display of slide shows on the lock screen must be disabled.
WN11-CC-000038V2R3WDigest Authentication must be disabled.
WN11-CC-000039V2R3Run as different user must be removed from context menus.
WN11-CC-000044V2R3Internet connection sharing must be disabled.
WN11-CC-000100V2R3Downloading print driver packages over HTTP must be prevented.
WN11-CC-000105V2R3Web publishing and online ordering wizards must be prevented from downloading a list of providers.
WN11-CC-000110V2R3Printing over HTTP must be prevented.
WN11-CC-000120V2R3The network selection user interface (UI) must not be displayed on the logon screen.
WN11-CC-000130V2R3Local users on domain-joined computers must not be enumerated.
WN11-CC-000175V2R3The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN11-CC-000197V2R3Microsoft consumer experiences must be turned off.
WN11-CC-000210V2R3The Microsoft Defender SmartScreen for Explorer must be enabled.
WN11-CC-000252V2R3Windows 11 must be configured to disable Windows Game Recording and Broadcasting.
WN11-CC-000300V2R3Basic authentication for RSS feeds over HTTP must not be used.
WN11-CC-000305V2R3Indexing of encrypted files must be turned off.
WN11-CC-000370V2R3The convenience PIN for Windows 11 must be disabled.
WN11-CC-000390V2R3Windows 11 must be configured to prevent users from receiving suggestions for third-party or additional applications.
WN11-UC-000015V2R3Toast notifications to the lock screen must be turned off.
WN16-00-000300V2R9The roles and features required by the system must be documented.
WN16-00-000350V2R9The Fax Server role must not be installed.
WN16-00-000370V2R9The Peer Name Resolution Protocol must not be installed.
WN16-00-000380V2R9Simple TCP/IP Services must not be installed.
WN16-00-000400V2R9The TFTP Client must not be installed.
WN16-00-000410V2R9The Server Message Block (SMB) v1 protocol must be uninstalled.
WN16-00-000411V2R9The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.
WN16-00-000412V2R9The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.
WN16-00-000420V2R9Windows PowerShell 2.0 must not be installed.
WN16-CC-000010V2R9The display of slide shows on the lock screen must be disabled.
WN16-CC-000030V2R9WDigest Authentication must be disabled on Windows Server 2016.
WN16-CC-000160V2R9Downloading print driver packages over HTTP must be prevented.
WN16-CC-000170V2R9Printing over HTTP must be prevented.
WN16-CC-000180V2R9The network selection user interface (UI) must not be displayed on the logon screen.
WN16-CC-000240V2R9The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN16-CC-000330V2R9Windows Server 2016 Windows SmartScreen must be enabled.
WN16-CC-000430V2R9Basic authentication for RSS feeds over HTTP must not be used.
WN16-CC-000440V2R9Indexing of encrypted files must be turned off.
WN16-DC-000130V2R9Domain controllers must run on a machine dedicated to that function.
WN16-MS-000030V2R9Local users on domain-joined computers must not be enumerated.
WN16-CC-000421V2R9The Windows Explorer Preview pane must be disabled for Windows Server 2016.
WN19-00-000270V3R4Windows Server 2019 must have the roles and features required by the system documented.
WN19-00-000320V3R4Windows Server 2019 must not have the Fax Server role installed.
WN19-00-000340V3R4Windows Server 2019 must not have the Peer Name Resolution Protocol installed.
WN19-00-000350V3R4Windows Server 2019 must not have Simple TCP/IP Services installed.
WN19-00-000370V3R4Windows Server 2019 must not have the TFTP Client installed.
WN19-00-000380V3R4Windows Server 2019 must not have the Server Message Block (SMB) v1 protocol installed.
WN19-00-000390V3R4Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.
WN19-00-000400V3R4Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.
WN19-00-000410V3R4Windows Server 2019 must not have Windows PowerShell 2.0 installed.
WN19-CC-000010V3R4Windows Server 2019 must prevent the display of slide shows on the lock screen.
WN19-CC-000020V3R4Windows Server 2019 must have WDigest Authentication disabled.
WN19-CC-000150V3R4Windows Server 2019 downloading print driver packages over HTTP must be turned off.
WN19-CC-000160V3R4Windows Server 2019 printing over HTTP must be turned off.
WN19-CC-000170V3R4Windows Server 2019 network selection user interface (UI) must not be displayed on the logon screen.
WN19-CC-000200V3R4Windows Server 2019 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN19-CC-000300V3R4Windows Server 2019 Windows Defender SmartScreen must be enabled.
WN19-CC-000400V3R4Windows Server 2019 must disable Basic authentication for RSS feeds over HTTP.
WN19-CC-000410V3R4Windows Server 2019 must prevent Indexing of encrypted files.
WN19-DC-000130V3R4Windows Server 2019 domain controllers must run on a machine dedicated to that function.
WN19-MS-000030V3R4Windows Server 2019 local users on domain-joined member servers must not be enumerated.
WN22-00-000270V2R4Windows Server 2022 must have the roles and features required by the system documented.
WN22-00-000320V2R4Windows Server 2022 must not have the Fax Server role installed.
WN22-00-000340V2R4Windows Server 2022 must not have the Peer Name Resolution Protocol installed.
WN22-00-000350V2R4Windows Server 2022 must not have Simple TCP/IP Services installed.
WN22-00-000370V2R4Windows Server 2022 must not have the TFTP Client installed.
WN22-00-000380V2R4Windows Server 2022 must not the Server Message Block (SMB) v1 protocol installed.
WN22-00-000390V2R4Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.
WN22-00-000400V2R4Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.
WN22-00-000410V2R4Windows Server 2022 must not have Windows PowerShell 2.0 installed.
WN22-CC-000010V2R4Windows Server 2022 must prevent the display of slide shows on the lock screen.
WN22-CC-000020V2R4Windows Server 2022 must have WDigest Authentication disabled.
WN22-CC-000150V2R4Windows Server 2022 downloading print driver packages over HTTP must be turned off.
WN22-CC-000160V2R4Windows Server 2022 printing over HTTP must be turned off.
WN22-CC-000170V2R4Windows Server 2022 network selection user interface (UI) must not be displayed on the logon screen.
WN22-CC-000200V2R4Windows Server 2022 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN22-CC-000300V2R4Windows Server 2022 Microsoft Defender antivirus SmartScreen must be enabled.
WN22-CC-000400V2R4Windows Server 2022 must disable Basic authentication for RSS feeds over HTTP.
WN22-CC-000410V2R4Windows Server 2022 must prevent Indexing of encrypted files.
WN22-DC-000130V2R4Windows Server 2022 domain controllers must run on a machine dedicated to that function.
WN22-MS-000030V2R4Windows Server 2022 local users on domain-joined member servers must not be enumerated.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.