National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Windows 2008 STIG Version 6, Release 39 Checklist Details (Checklist Revisions)

SCAP 1.2 Content:

Machine-Readable CCE to 800-53 Data Stream

Supporting Resources:

Target:

Target CPE Name Product Category
Microsoft Windows Defender cpe:/a:microsoft:windows_defender (View CVEs)
  • Malware
Microsoft Internet Explorer cpe:/a:microsoft:ie (View CVEs)
  • Web Browser
Microsoft Windows Mail cpe:/a:microsoft:windows_mail (View CVEs)
  • Desktop Application
Microsoft Windows Media Player cpe:/a:microsoft:windows_media_player (View CVEs)
  • Desktop Application
Microsoft Windows Server 2008 cpe:/o:microsoft:windows_server_2008:- (View CVEs)
  • Operating System

Checklist Highlights

Checklist Name:
Windows 2008 STIG
Checklist ID:
228
Version:
Version 6, Release 39
Type:
Compliance
Review Status:
Under Review
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
04/28/2017
Checklist Group:
View

Checklist Summary:

The Windows Server 2008 Security Checklist is composed of three major sections and several appendices. The organizational breakdown proceeds as follows: Section 1 - Introduction This section contains summary information about the sections and appendices that comprise the Windows Server 2008 Security Checklist, and defines its scope. Supporting documents consulted are listed in this section. Section 2 - Automated System Check Procedures The Gold Disk does not support Windows 2008 at this time. Section 3 - Manual System Check Procedures This section documents the procedures that instruct the reviewer on how to perform an SRR manually, and to interpret the program output for vulnerabilities. Appendix A - Object Permissions This appendix documents the any additional Access Control Lists (ACLs) for file and registry objects. The tables contained in this section are referenced in Section 3. Appendix B - Joint Task Force Global Network Operations (JTF-GNO) Information Assurance Vulnerability Management (IAVM) Compliance This appendix contains checks for IAVM compliance to be done against a Windows Server 2008 machine. Appendix C - MS Group Policy Analysis Tools This appendix provides information for the use of Microsoft tools for analyzing group policy. Appendix D - Windows VMS Asset Creation and Findings Import Procedures for Reviewers and Self Assessments This appendix documents the procedures for creating assets and importing findings into VMS 6.0 Appendix E - Joint Task Force - Global Network Operations (JTF-GNO) Communications Tasking Orders (CTO) Compliance This appendix identifies Windows specific requirements from JTF-GNO CTOs. Appendix F - SRR Result Report This section is the matrix that allows the reviewer to document vulnerabilities discovered during the SRR process. The entries in this table are mapped to procedures, referenced by Vulnerability and STIG IDs in Sections 3 and Appendix B.

Checklist Role:

  • Server
  • Server Operating System

Known Issues:

Not provided.

Target Audience:

This document is designed to instruct the reviewer on how to assess Windows Server 2008 configurations in Windows domains. In addition, the security settings recommended can also be used to configure Group Policy in a Windows Active Directory environment.

Target Operational Environment:

  • Managed

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Standalone Version 6, Release 30 - 07 August 2015
Benchmark Version 6, Release 32 - 07 August 2015
Version 6, Release 1.28 - 25 July 2014 (SCAP 1.0)
Version 6, Release 1.27 - 25 April 2014
Version 6, Release 1.26 - 13 March 2014
Version 6, Release 1.25 - 24 January 2014
Version 6, Release 1.24 - 23 December 2013
Version 6, Release 1.23 - 25 October 2013
Version 6, Release 1.22 - 24 July 2013
Version 6, Release 1.21 - 29 March 2013
Version 6, Release 1.20 - 26 October 2012
Version 6, Release 1.19 - 27 July 2012
Version 6, Release 1.18 - 27 April 2012
Version 6, Release 1.17 - 24 January 2012
Version 6, Release 1.16 - 28 October 2011
Version 6, Release 1.15 - 29 July 2011
Added point of contact - 04 January 2015
Version 6, Release 1.28 for MS and DC Non-SCAP Resources - 28 January 2015
Version 6, Release 1.29 for MS and DC SCAP 1.0 Content - 28 January 2015
Changed Resource Type for DC and MS from SCAP 1.0 Content to SCAP 1.1 - 28 May 2015
Changing status from "Under Review" to "Final" - 09 October 2015
Version 6, Release 31 - 29 October 2015
Version 6, Release 33 Benchmark - 29 October 2015
Changed status from "Under Review" to "Final" - 17 December 2015
5/2/2016 - Version 6, Release 32
moved to FINAL - 6/7/2016
Removed Referencelinks that are no longer valid - 14 June 2016
updated to - v1, r33 - 07/22/2016
Updated to FINAL - 09/12/2016
Updated STIG to v6, r34 - 10/28/2016
updated to FINAL - 12/07/2016
Updated to Ver 6, Rel 35 - 01/27/2017
Updated to FINAL - 03/13/2017
Updated to Version 6, Release 36 - 04/24/2017
Corrected title - 04/28/2017
Updated to FINAL - 05/30/2017
null
Updated URL to reflect change to the DISA website - http --> https
Updated to FINAL - 09/07/2017
Updated - 11/01/2017
Updated to FINAL - 11/27/2017
Updated to Version 6, Release 39 - 02/16/2018

Dependency/Requirements:

References:

Reference URL Description

NIST checklist record last modified on 02/18/2018


* This checklist is still undergoing review for inclusion into the NCP.