Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Unnecessary features will not be installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16006 | 5.260 | SV-32277r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Windows Server 2008 includes additional features available for installation through Server Manager. The majority of these are unnecessary for the server roles and may also increase the attack surface of the system. |
| STIG | Date |
|---|---|
| Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide | 2012-09-05 |
Details
| Check Text ( C-32841r1_chk ) |
|---|
| Start “Server Manager”. Select “Features” node. View Features Summary to determine any installed features. The “Add Features” link provides a complete list of available features Any installed features must be documented with the IAO to include the reason for installation and any mitigations of risk. Current Exceptions: Group Policy Management, Windows Server Backup Features, Bitlocker. If any unnecessary, undocumented features are installed, then this is a finding. |
| Fix Text (F-29055r1_fix) |
|---|
| Uninstall any unnecessary, undocumented features. |