
Win7 Audit


Overview

Date: 2013-06-10
Finding Count (267): CAT I (High): 22, CAT II (Med): 167, CAT III (Low): 78
STIG Description
The Windows 7 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from DoD consensus, as well as the Windows 7 Security Guide and security templates published by Microsoft Corporation. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-1073 High Systems must be at supported service pack (SP) or release levels.
V-26479 High Unauthorized accounts will not have the "Create a token object" user right.
V-17438 High The Windows Firewall must block unsolicited inbound connections for the Public Profile.
V-6834 High Named pipes and shares can be accessed anonymously.
V-1159 High The Recovery Console option is set to permit automatic logon to the system.
V-1153 High The Send download LanMan compatible password option is not set to Send NTLMv2 response only\refuse LM & NTLM.
V-2374 High The system is configured to autoplay removable media.
V-1093 High Anonymous enumeration of shares will be restricted.
V-17428 High The Windows Firewall must block unsolicited inbound connections for the Private Profile.
V-17418 High The Windows Firewall must block unsolicited inbound connections for the Domain Profile.
V-26283 High Anonymous enumeration of SAM accounts will not be allowed.
V-3340 High Unauthorized shares can be accessed anonymously.
V-17900 High Disallow AutoPlay/Autorun from Autorun.inf
V-3338 High Unauthorized named pipes are accessible with anonymous credentials.
V-3339 High Unauthorized registry paths are remotely accessible.
V-18010 High Unauthorized users will not have the "Debug programs" user right.
V-3343 High Solicited Remote Assistance is allowed.
V-3379 High The system is configured to store the LAN Manager hash of the password in the SAM.
V-3347 High Internet Information System (IIS) or its subcomponents are installed on a workstation.
V-3344 High The use of local accounts with blank passwords is not restricted to console logons only.
V-4443 High Unauthorized registry paths and sub-paths are remotely accessible.
V-1102 High Unauthorized users will not be granted the "Act as part of the operating system" user right.
V-14258 Medium Search Companion prevented from automatically downloading content updates.
V-14259 Medium Prevent printing over HTTP.
V-26576 Medium The IP-HTTPS IPv6 transition technology will be disabled.
V-26577 Medium The ISATAP IPv6 transition technology will be disabled.
V-26575 Medium The 6to4 IPv6 transition technology will be disabled.
V-3383 Medium The system is not configured to use FIPS compliant algorithms for encryption, hashing, and signing.
V-3381 Medium The system is not configured to recommended LDAP client signing requirements.
V-3380 Medium The system is not configured to force users to log off when their allowed logon hours expire.
V-26580 Medium The Security event log will be configured to a minimum size requirement.
V-14230 Medium Audit policy using subcategories is enabled.
V-26473 Medium Unauthorized accounts will not have the "Allow log on through Remote Desktop Services" user right.
V-26533 Medium The system will be configured to audit "Account Management -> Other Account Management Events" successes.
V-15725 Medium The More Gadgets link will be disabled.
V-15724 Medium Unsigned gadgets will not be installed.
V-15726 Medium Turn off user-installed gadgets.
V-17442 Medium Local firewall rules for the Windows Firewall must not be merged with group policy rules for the Public Profile.
V-17443 Medium Local firewall connection rules for the Windows Firewall must not be merged with group policy rules for the Public Profile.
V-17441 Medium The Windows Firewall must block unicast response to multicast or broadcast messages for the Public Profile.
V-16006 Medium Unnecessary features are installed.
V-14242 Medium User Account Control - Non UAC compliant applications run in virtualized file and registry entries.
V-16008 Medium UAC - All applications are elevated.
V-26503 Medium Unauthorized accounts will not have the "Replace a process level token" user right.
V-1089 Medium The required legal notice must be configured to display before console logon.
V-1164 Medium Outgoing secure channel traffic is not signed when possible.
V-1166 Medium The Windows SMB client is not enabled to perform SMB packet signing when possible.
V-3378 Medium The system is not configured to use the Classic security model.
V-1163 Medium Outgoing secure channel traffic is not encrypted when possible.
V-1162 Medium The Windows SMB server is not enabled to perform SMB packet signing when possible.
V-3471 Medium The system is configured to automatically forward error information.
V-3470 Medium The system is configured to allow unsolicited remote assistance offers.
V-3479 Medium The system is not configured to use Safe DLL search mode.
V-14243 Medium Require username and password to elevate a running application.
V-17439 Medium The Windows Firewall must allow outbound connections, unless a rule explicitly blocks the connection for the Public Profile.
V-17433 Medium Local firewall connection rules for the Windows Firewall must not be merged with group policy rules for the Private Profile.
V-17432 Medium Local firewall rules for the Windows Firewall must not be merged with group policy rules for the Private Profile.
V-17431 Medium The Windows Firewall must block unicast response to multicast or broadcast messages for the Private Profile.
V-15697 Medium Disable the Responder network protocol driver.
V-15696 Medium Disable the Mapper I/O Driver.
V-6836 Medium For systems utilizing a logon ID as the individual identifier, passwords are not at a minimum of 14-characters.
V-6832 Medium The Windows SMB client is not enabled to always perform SMB packet signing.
V-6833 Medium The Windows SMB server is not enabled to always perform SMB packet signing.
V-6831 Medium Outgoing secure channel traffic is not encrypted or signed.
V-14262 Medium IPv6 will be disabled until a deliberate transition strategy has been implemented.
V-14261 Medium Windows is prevented from using Windows Update to search for drivers.
V-14260 Medium Computer prevented from downloading print driver packages over HTTP.
V-1154 Medium Ctrl+Alt+Del security attention sequence is disabled.
V-3385 Medium The system is configured to allow case insensitivity.
V-1157 Medium The smart card removal option is set to take no action.
V-1099 Medium Lockout duration does not meet minimum requirements.
V-1098 Medium Time before bad-logon counter is reset does not meet minimum requirements.
V-2372 Medium Reversible password encryption is not disabled.
V-1097 Medium Number of allowed bad-logon attempts does not meet minimum requirements.
V-3382 Medium The system is not configured to meet the minimum requirement for session security for NTLM SSP based clients.
V-17429 Medium The Windows Firewall must allow outbound connections, unless a rule explicitly blocks the connection for the Private Profile.
V-3376 Medium The system is configured to permit storage of passwords and credentials.
V-26578 Medium The Teredo IPv6 transition technology will be disabled.
V-3374 Medium The system is not configured to require a strong session key.
V-17421 Medium The Windows Firewall must block unicast response to multicast or broadcast messages for the Domain Profile.
V-17422 Medium Local firewall rules for the Windows Firewall must not be merged with group policy rules for the Domain Profile.
V-1171 Medium Ejection of removable NTFS media is not restricted to administrators.
V-15682 Medium Prevent RSS attachment downloads.
V-15683 Medium Shell protocol runs in protected mode.
V-1145 Medium Automatic logons must be disabled.
V-1141 Medium Unencrypted password is sent to third-party SMB server.
V-15685 Medium Prevent users from changing Windows installer options.
V-26529 Medium The system will be configured to audit "Account Logon -> Credential Validation" successes.
V-26582 Medium The System event log will be configured to a minimum size requirement.
V-26581 Medium The Setup event log will be configured to a minimum size requirement.
V-17415 Medium The Windows Firewall must be enabled for the Domain Profile.
V-17417 Medium The Windows Firewall must be enabled for the Public Profile.
V-3458 Medium Remote Desktop Services idle session time limit does not meet the requirement.
V-14239 Medium User Account Control - Elevate UIAccess applications that are in secure locations.
V-3453 Medium Remote Desktop Services is not configured to always prompt a client for passwords upon connection.
V-17419 Medium The Windows Firewall must allow outbound connections, unless a rule explicitly blocks the connection for the Domain Profile.
V-3455 Medium Remote Desktop Services is configured to use a common temporary folder for all sessions.
V-3454 Medium Remote Desktop Services is not configured with the client connection encryption set to the required level.
V-15674 Medium Disable Internet File Association Service.
V-14241 Medium User Account Control - Switch to secure desktop.
V-14240 Medium User Account Control - Run all admins in Admin Approval Mode.
V-26538 Medium The system will be configured to audit "Account Management -> User Account Management" failures.
V-26539 Medium The system will be configured to audit "Detailed Tracking -> Process Creation" successes.
V-14247 Medium Terminal Services / Remote Desktop Service - Prevent password saving in the Remote Desktop Client.
V-14249 Medium Terminal Services / Remote Desktop Services - Local drives prevented from sharing with Terminal Servers/Remote Session Hosts.
V-14248 Medium Terminal Services / Remote Desktop Services - Prevent users from connecting using Terminal Services or Remote Desktop.
V-26530 Medium The system will be configured to audit "Account Logon -> Credential Validation" failures.
V-26531 Medium The system will be configured to audit "Account Management -> Computer Account Management" successes.
V-26536 Medium The system will be configured to audit "Account Management -> Security Group Management" failures.
V-26537 Medium The system will be configured to audit "Account Management -> User Account Management" successes.
V-26534 Medium The system will be configured to audit "Account Management -> Other Account Management Events" failures.
V-26535 Medium The system will be configured to audit "Account Management -> Security Group Management" successes.
V-1115 Medium The built-in administrator account has not been renamed.
V-3377 Medium The system is configured to give anonymous users Everyone rights.
V-14237 Medium User Account Control is configured to detect application installations.
V-1114 Medium The built-in guest account has not been renamed.
V-3480 Medium Media Player is configured to allow automatic checking for updates.
V-15699 Medium Disable the Windows Connect Now wizards.
V-15666 Medium Turn off Windows Peer-to-Peer Networking Services.
V-15667 Medium Prohibit Network Bridge in Windows.
V-26532 Medium The system will be configured to audit "Account Management -> Computer Account Management" failures.
V-22692 Medium Configure the default autorun behavior to prevent autorun commands.
V-21975 Medium Prevent the system from joining a homegroup.
V-17416 Medium The Windows Firewall must be enabled for the Private Profile.
V-21973 Medium Turn off autoplay for non-volume devices.
V-14256 Medium Web publishing and online ordering wizards prevented from downloading list of providers.
V-14257 Medium Windows Messenger prevented from collecting anonymous information.
V-14254 Medium Client computers required to authenticate for RPC communication.
V-14255 Medium File and Folder Publish to Web option unavailable.
V-14253 Medium Restrict unauthenticated RPC clients.
V-14250 Medium Automatic Updates must not be used (unless configured to point to a DoD server).
V-15684 Medium IE security prompt is enabled for web-based installations.
V-26549 Medium The system will be configured to audit "Privilege Use -> Sensitive Privilege Use" successes.
V-26548 Medium The system will be configured to audit "Policy Change -> Authentication Policy Change" successes.
V-26547 Medium The system will be configured to audit "Policy Change -> Audit Policy Change" failures.
V-26546 Medium The system will be configured to audit "Policy Change -> Audit Policy Change" successes.
V-26545 Medium The system will be configured to audit "Object Access -> Registry" failures.
V-26544 Medium The system will be configured to audit "Object Access -> File System" failures.
V-26543 Medium The system will be configured to audit "Logon/Logoff -> Special Logon" successes.
V-26542 Medium The system will be configured to audit "Logon/Logoff -> Logon" failures.
V-26541 Medium The system will be configured to audit "Logon/Logoff -> Logon" successes.
V-26540 Medium The system will be configured to audit "Logon/Logoff -> Logoff" successes.
V-14228 Medium Audit access to global system objects is not turned off.
V-21980 Medium Explorer Data Execution Prevention is disabled.
V-15722 Medium Prevent Windows Media Digital Rights Management (DRM) from accessing the Internet.
V-4448 Medium Group Policy objects are not reprocessed if they have not changed.
V-3457 Medium Remote Desktop Services is not configured to set a time limit for disconnected sessions.
V-3456 Medium Remote Desktop Services is not configured to delete temporary folders.
V-17423 Medium Local firewall connection rules for the Windows Firewall must not be merged with group policy rules for the Private Profile.
V-26495 Medium Unauthorized accounts will not have the "Log on as a batch job" user right.
V-26494 Medium Unauthorized accounts will not have the "Lock pages in memory" user right.
V-26497 Medium Unauthorized accounts will not have the "Modify an object label" user right.
V-26558 Medium The system will be configured to audit "System -> System Integrity" failures.
V-26554 Medium The system will be configured to audit "System -> Security State Change" failures.
V-14229 Medium Audit of backup and restore privileges is not turned off.
V-26556 Medium The system will be configured to audit "System -> Security System Extension" failures.
V-26557 Medium The system will be configured to audit "System -> System Integrity" successes.
V-26550 Medium The system will be configured to audit "Privilege Use -> Sensitive Privilege Use" failures.
V-26551 Medium The system will be configured to audit "System -> IPSec Driver" successes.
V-26552 Medium The system will be configured to audit "System -> IPSec Driver" failures.
V-26553 Medium The system will be configured to audit "System -> Security State Change" successes.
V-16047 Medium Disable the built-in admin account.
V-15700 Medium Disable remote access to the plug and play interface.
V-15706 Medium Password is required on resume from sleep (plugged in).
V-15705 Medium Password is required on resume from sleep (on battery).
V-3666 Medium The system is not configured to meet the minimum requirement for session security for NTLM SSP based servers.
V-16020 Medium Windows Customer Experience Improvement Program is disabled.
V-1107 Medium Password uniqueness does not meet minimum requirements.
V-1105 Medium Minimum password age does not meet minimum requirements.
V-1104 Medium Maximum password age does not meet minimum requirements.
V-21951 Medium Computer Identity Authentication for NTLM is used.
V-21950 Medium Configure the SPN target name validation level.
V-21953 Medium Prevent PKU2U authentication using online identities.
V-21952 Medium Prevent NTLM from falling back to a Null session.
V-21954 Medium Configure Kerberos encryption types.
V-26579 Medium The Application event log will be configured to a minimum size requirement.
V-14234 Medium User Account Control for the built-in admin runs in Admin Approval Mode.
V-14235 Medium User Account Control is configured for the appropriate elevation prompt for administrators
V-14236 Medium User Account Control is configured for the appropriate elevation prompt for standard users.
V-28285 Medium Unauthorized users will not have the "Log on as a service" User Right.
V-15698 Medium The configuration of wireless devices using Windows Connect Now will be disabled.
V-26481 Medium Unauthorized accounts will not have the "Create permanent shared objects" user right.
V-1113 Medium The built-in guest account is not disabled.
V-26487 Medium Unauthorized accounts will not have the "Enable computer and user accounts to be trusted for delegation" user right.
V-26489 Medium Unauthorized accounts will not have the "Generate security audits" user right.
V-15711 Medium Turn off indexing of encrypted files.
V-15713 Medium Turn off Windows Defender SpyNet reporting.
V-15715 Medium Turn off Windows Error Reporting to Microsoft.
V-26555 Medium The system will be configured to audit "System -> Security System Extension" successes.
V-1075 Low The system allows shutdown from the logon dialog box.
V-1174 Low Amount of idle time required before suspending a session is improperly set.
V-1173 Low The default permissions of global system objects are not increased.
V-3373 Low The maximum age for machine account passwords is not set to requirements.
V-15701 Low Enable restore points for device driver installations.
V-17444 Low The Windows Firewall log file name and location must be configured for the Public Profile.
V-17440 Low The Windows Firewall must display notifications when a program is blocked from receiving an inbound connection for the Public Profile.
V-16007 Low 8dot3 name creation is prevented.
V-3375 Low Domain Controller authentication is not required to unlock the workstation.
V-1165 Low The computer account password is prevented from being reset.
V-3472 Low The system is configured to use an unauthorized time server.
V-1084 Low System pagefile is cleared upon shutdown.
V-1085 Low Floppy media devices are not allocated upon user logon.
V-17430 Low The Windows Firewall must display notifications when a program is blocked from receiving an inbound connection for the Private Profile.
V-17437 Low The Windows Firewall must log successful connections for the Private Profile.
V-17436 Low The Windows Firewall must log dropped packets for the Private Profile.
V-17435 Low The Windows Firewall log size must be configured for the Private Profile.
V-17434 Low The Windows Firewall log file name and location must be configured for the Private Profile.
V-4442 Low This check verifies that Windows is configured to have password protection take effect within a limited time frame when the screen saver becomes active.
V-11806 Low The system is configured to allow the display of the last user name on the logon screen.
V-1158 Low The Recovery Console SET command is enabled.
V-1150 Low The built-in Microsoft password filter is not enabled.
V-1151 Low Print driver installation privilege is not restricted to administrators.
V-1091 Low System halts once an event log has reached its maximum size.
V-1090 Low Caching of logon credentials is not limited.
V-26359 Low The Windows dialog box title for the legal banner must be configured.
V-17420 Low The Windows Firewall must display notifications when a program is blocked from receiving an inbound connection for the Domain Profile.
V-17424 Low The Windows Firewall log file name and location must be configured for the Domain Profile.
V-17425 Low The Windows Firewall log size must be configured for the Domain Profile.
V-17426 Low The Windows Firewall must log dropped packets for the Domain Profile.
V-17427 Low The Windows Firewall must log successful connections for the Domain Profile.
V-15686 Low Prevent users from installing vendor signed updates.
V-15687 Low Prevent first use dialog boxes for Windows Media Player from displaying for users.
V-1136 Low Users are not forcibly disconnected when logon hours expire.
V-15676 Low Order Prints Online is blocked.
V-15675 Low Windows Registration Wizard is blocked.
V-15673 Low The Internet Connection Wizard cannot download a list of ISPs from Microsoft.
V-15672 Low Event Viewer events.asp links are available.
V-15671 Low Root certificates will not be updated automatically from Microsoft.
V-15680 Low Enabled classic logon.
V-4438 Low TCP data retransmissions are not controlled.
V-4112 Low The system is configured to detect and configure default gateway addresses.
V-4108 Low The system does not generate an audit event when the audit log reaches a percent full threshold.
V-17447 Low The Windows Firewall must log successful connections for the Public Profile.
V-17446 Low The Windows Firewall must log dropped packets for the Public Profile.
V-21971 Low Prevent the Application Compatibility Program Inventory from collecting data and sending the information to Microsoft.
V-21970 Low Disable Performance PerfTrack.
V-21978 Low Windows Anytime Upgrade is not disabled.
V-17445 Low The Windows Firewall log size must be configured for the Public Profile.
V-4113 Low The system is configured for a greater keep-alive time than recommended.
V-4111 Low The system is configured to redirect ICMP.
V-4110 Low The system is configured to allow IP source routing.
V-4116 Low The system is configured to allow name-release attacks.
V-21964 Low Prevent device metadata retrieval from the Internet.
V-21965 Low Prevent Windows Update for device driver search
V-21966 Low Prevent handwriting personalization data sharing with Microsoft.
V-21967 Low Prevent Microsoft Support Diagnostic Tool (MSDT) interactive communication with Microsoft.
V-21960 Low Require domain users to elevate when setting a network’s location.
V-21961 Low Route all Direct Access traffic through internal network.
V-21963 Low Prevent searching Windows Update for point and print drivers.
V-21969 Low Prevent access to Windows Online Troubleshooting Service (WOTS).
V-15703 Low Users will not be prompted to search Windows Update for device drivers.
V-15702 Low A Windows error report is not sent when a generic driver is installed.
V-15707 Low Session logging for Remote Assistance is enabled.
V-15704 Low Handwriting recognition error reports (Tablet PCs) are not sent to Microsoft.
V-15709 Low Disable Game Explorer information downloads.
V-17373 Low Secure Removable Media – CD-ROM
V-15717 Low Requests for additional data in response to Error Reporting will be declined.
V-21955 Low Configure IPv6 source routing to highest protection.
V-21956 Low Configure IPv6 TCP data retransmissions to prevent resources from becoming exhausted.
V-14231 Low The system must be configured to hide the computer from the browse list.
V-14232 Low IPSec exemptions are limited.
V-15712 Low Turn off indexing of mail items in Exchange Folder when Outlook is running in uncached mode.
V-15714 Low Log error reporting events in the system event log.
V-15718 Low Disable heap termination on corruption in Windows Explorer.
V-15719 Low Report whether logon server was accessible or cached credentials were used.
V-21974 Low Turn off downloading of game updates.
V-1172 Low Users are not warned in advance that their passwords will expire.