Checklist Summary:

The Windows Server 2003 Security Checklist is composed of three major sections and several appendices. The organizational breakdown proceeds as follows: Section 1- Introduction This section contains summary information about the sections and appendices that comprise the Windows Server 2003 Security Checklist, and defines its scope. Supporting documents consulted are listed in this section. Section 2- Automated System Check Procedures This section contains summary information for running the Gold Disk. Section 3- Manual System Check Procedures This section documents the procedures that instruct the reviewer on how to perform an SRR manually, and to interpret the program output for vulnerabilities. Appendix A- Object Permissions This appendix documents the allowed Access Control Lists (ACLs) for file and registry objects. The tables contained in this section are referenced in Section 3. Appendix B- Information Assurance Vulnerability Management (IAVM) Compliance This appendix contains checks for IAVM compliance to be done against a Windows Server 2003 machine. Appendix C- MS Group Policy Analysis Tools This appendix provides information for the use of Microsoft tools for analyzing group policy. Appendix D- Windows VMS Asset Creation and Findings Import Procedures for Reviewers and Self Assessments This appendix documents the procedures for creating assets and importing findings into VMS 6.0 Appendix E- Joint Task Force - Global Network Operations (JTF-GNO) Communications Tasking Orders (CTO) Compliance This appendix identifies Windows specific requirements from JTF-GNO CTOs. Appendix F- SRR Results Report This section is the matrix that allows the reviewer to document vulnerabilities discovered during the SRR process. The entries in this table are mapped to the manual procedures in Section 3 and appendix B.

Checklist Role:

• Server

Known Issues:

Not provided.

Target Audience:

This document is designed to instruct the reviewer on how to assess Windows Server 2003 configurations in Windows 2000, or Windows 2003 domains. In addition, the security settings recommended can also be used to configure Group Policy in a Windows 2000 or Windows 2003 Active Directory environment Field Security Operations- DISA Sites are required to secure the Microsoft Windows Server 2003 operating system in accordance with DOD Directive 8500.1, Section 4.18 (and related footnote). The checks in this document were developed from DOD guidelines specified in the above reference, as well as the Windows Server 2003 security guides and security templates published by the Microsoft Corporation.

Target Operational Environment:

• Managed

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Version 6, Release 1.33 - 25 July 2014
Version 6, Release 1.32 - 25 April 2014
Version 6, Release 1.31 - 24 January 2014
Version 6, Release 1.30 - 25 October 2013
Version 6, Release 1.29 - 24 July 2013
Version 6, Release 1.28 - 29 March 2013
Version 6, Release 1.27 - 26 October 2012
Version 6, Release 1.26 - 27 July 2012
Version 6, Release 1.25 - 27 April 2012
Version 6, Release 1.24 - 27 January 2012
Version 6, Release 1.23 - 27 October 2011
Version 6, Release 1.22 - 28 July 2011
Version 6, Release 1.21 - 29 April 2011
Version 6, Release 1.20 - 31 December 2010
Version 6, Release 1.19 - 27 August 2011
Added point of contact - 04 January 2015
Removed Reference links that are no longer valid - 14 June 2016
Updated URL to reflect change to the DISA website - http --> https
moved to archive status - 4/15/19

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 04/15/2019