Checklist Summary:

The Windows Server 2008 R2 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from Federal and DoD consensus, as well as the Windows Server 2008 R2 Security Guide and security templates published by Microsoft Corporation. The vulnerabilities discussed in this document are applicable to Windows Server 2008 R2 (all versions). This STIG is for a Windows Server 2008 R2 baseline. It is meant for use in conjunction with other applicable STIGs and Checklists including such topics as Active Directory, Web Services, Domain Name Service (DNS), Database, Secure Remote Computing, and Desktop Applications. For example, Domain Controller reviews will also need to include the Active Directory STIG.

Checklist Role:

• Server Operating System
• Operating System

Known Issues:

Not provided

Target Audience:

This document is a requirement for all DoD-administered systems and all systems connected to DoD networks. These requirements are designed to assist Security Managers (SMs), Information Assurance Managers (IAMs), IAOs, and System Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD system design, development, implementation, and certification and accreditation (C&A) efforts.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

The vulnerabilities discussed in this document are applicable to Windows Server 2008 R2 (all versions).

Regulatory Compliance:

DoD Directive (DoDD) 8500.1 DoD Directive (DoDD) 8500.2

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via e-mail to the following address: fso_spt@disa.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not provided

Product Support:

Comments or proposed revisions to this document should be sent via e-mail to the following address: fso_spt@disa.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Point of Contact:

fso_spt@disa.mil

Sponsor:

DoD

Licensing:

Not provided

Change History:

Version 1, Release 12 - 13 March 2014
Version 1, Release 11 - 24 January 2014
Version 1, Release 10 - 23 December 2013
Version 1, Release 9 - 25 October 2013
Version 1, Release 8 - 24 July 2013
Version 1, Release 7 - 29 March 2013
Version 1, Release 6 - 26 October 2012
Version 1, Release 5 - July 27, 2012
Version 1, Release 4 - April 27, 2012
Version 1, Release 3 - January 27, 2012
Version 1, Release 2 - October 28, 2011
Version 1, Release 1 - May 25, 2011

Dependency/Requirements:

URL	Description
http://iase.disa.mil/stigs/Documents/database-stig-v8r1.zip	Database Security Technical Implementation Guide, Version 8.1, Release 1
http://iase.disa.mil/stigs/Documents/u_active_directory_v2r1_stig.zip	Microsoft Active Directory STIG, Version 2, Release 1
http://iase.disa.mil/stigs/Documents/u_dns_v4r1.12.checklist_20110429.zip	Domain Name System Security Checklist Version 4 Release 1.12
http://iase.disa.mil/stigs/Documents/u_ms_windows_server_2008_r2_stig_v1r1_release_memo.pdf	Release Memo - Windows 2008 STIG R2 - Version 1, Release 1
http://iase.disa.mil/stigs/Documents/unclassified_DesktopApplicationsGeneral_v4r1_stig.pdf	Desktop Applications General, Version 4, Release 1
http://iase.disa.mil/stigs/downloads/zip/unclassified_web_server_v7r1_stig.zip	Web Server STIG, Version 7, Release 1

References:

Reference URL	Description

NIST checklist record last modified on 04/15/2014