UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Windows Vista Security Technical Implementation Guide


Overview

Date Finding Count (260)
2012-08-22 CAT I (High): 31 CAT II (Med): 157 CAT III (Low): 72
STIG Description
The Windows Vista Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from DoD consensus, as well as the Windows Vista Security Guide and security templates published by Microsoft Corporation. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Available Profiles



Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-1074 High An approved DOD virus scan program is not used and/or updated.
V-1073 High Systems must be at supported service packs (SP) or releases levels.
V-26070 High Standard user accounts will only have Read permissions to the Winlogon registry key.
V-2908 High Unencrypted remote access is permitted to system services.
V-1081 High Local volumes are not formatted using NTFS.
V-17438 High Windows Firewall Public Profile – Inbound
V-6834 High Named Pipes and Shares can be accessed anonymously.
V-1159 High The Recovery Console option is set to permit automatic logon to the system.
V-1152 High Anonymous access to the Registry is not restricted.
V-1153 High The Send download LanMan compatible password option is not set to Send NTLMv2 response only\refuse LM.
V-1155 High User Right to Deny Access to this computer from the network is not configured to include Guests. (Anonymous Logon and Support_388945a0 in applicable Windows versions).
V-2374 High The system is configured to autoplay removable media.
V-32282 High Standard user accounts must only have Read permissions to the Active Setup\Installed Components registry key.
V-1093 High Anonymous shares are not restricted.
V-17428 High Windows Firewall Private Profile – Inbound
V-1145 High Administrator automatic logon is enabled.
V-17418 High Windows Firewall Domain Profile - Inbound Connections
V-3340 High Unauthorized shares can be accessed anonymously.
V-1121 High Installed FTP server is configured to allow access to the system drive.
V-3339 High Unauthorized registry paths are remotely accessible.
V-7002 High DOD information system access does not require the use of a password.
V-18010 High Unapproved Users have access to Debug programs.
V-3343 High Solicited Remote Assistance is allowed.
V-3347 High Internet Information System (IIS) or its subcomponents are installed on a workstation.
V-3344 High The use of local accounts with blank passwords is not restricted to console logons only.
V-4443 High Unauthorized registry paths and sub-paths are remotely accessible.
V-3338 High Unauthorized named pipes are accessible with anonymous credentials.
V-1102 High Unauthorized users are granted right to Act as part of the operating system.
V-17900 High Disallow AutoPlay/Autorun from Autorun.inf
V-3379 High The system is configured to store the LAN Manager hash of the password in the SAM.
V-3337 High Anonymous SID/Name translation is allowed.
V-1077 Medium ACLs for event logs will conform to minimum requirements.
V-1072 Medium Shared user accounts are permitted on the system.
V-1070 Medium Physical security of the Automated Information System (AIS) does not meet DISA requirements.
V-14259 Medium Prevent printing over HTTP.
V-15505 Medium The HBSS McAfee Agent is not installed.
V-3381 Medium The system is not configured to recommended LDAP client signing requirements.
V-3380 Medium The system is not configured to force users to log off when their allowed logon hours expire.
V-17448 Medium Windows Firewall Outbound Rule - IPv6 Block Protocols 41
V-17449 Medium Windows Firewall Outbound Rules - IPv6 Block UDP 3544
V-15725 Medium Gadgets – More Gadgets Link
V-15724 Medium Gadgets – Unsigned Gadgets
V-15727 Medium User Network Sharing
V-15721 Medium Windows Mail – Disable Application
V-15823 Medium Remove Software Certificate Installation Files
V-15723 Medium Meeting Space
V-17441 Medium Windows Firewall Public Profile - Unicast Response
V-3666 Medium The system is not configured to meet the minimum requirement for session security for NTLM SSP based Servers.
V-1168 Medium Members of the Backup Operators group do not have separate accounts for backup duties and normal operational tasks.
V-1164 Medium Outgoing secure channel traffic is not signed when possible.
V-1166 Medium The Windows SMB client is not enabled to perform SMB packet signing when possible.
V-3378 Medium The system is not configured to use the Classic security model.
V-1163 Medium Outgoing secure channel traffic is not encrypted when possible.
V-1162 Medium The Windows SMB server is not enabled to perform SMB packet signing when possible.
V-3471 Medium The system is configured to automatically forward error information.
V-3470 Medium The system is configured to allow unsolicited remote assistance offers.
V-1088 Medium Registry key auditing configuration does not meet minimum requirements.
V-1089 Medium The required legal notice must be configured to display before console logon.
V-3479 Medium The system is not configured to use Safe DLL Search Mode.
V-1080 Medium File-auditing configuration does not meet minimum requirements.
V-3245 Medium File share ACLs have not been reconfigured to remove the Everyone group.
V-17439 Medium Windows Firewall Public Profile - Outbound
V-17433 Medium Windows Firewall Private Profile - Apply Local Connection Rules
V-17432 Medium Windows Firewall Private - Apply Local Firewall Rules
V-17431 Medium Windows Firewall Private Profile - Unicast Response
V-6850 Medium Auditing records are configured as required.
V-15697 Medium Network – Responder Driver
V-15696 Medium Network – Mapper I/O Driver
V-6836 Medium For systems utilizing a logon ID as the individual identifier, passwords are not at a minimum of 14-characters.
V-6832 Medium The Windows Server SMB client is not enabled to always perform SMB packet signing.
V-6833 Medium The Windows Server SMB server is not enabled to always perform SMB packet signing.
V-6830 Medium DCOM calls are not executed under the security context of the calling user.
V-6831 Medium Outgoing secure channel traffic is not encrypted or signed.
V-14262 Medium IPv6 will be disabled until a deliberate transition strategy has been implemented. Use of IPv6 transition technologies will be disabled.
V-14261 Medium Windows is prevented from using Windows Update to search for drivers.
V-14260 Medium Computer prevented from downloading print driver packages over HTTP.
V-1154 Medium Ctrl+Alt+Del security attention sequence is Disabled.
V-14269 Medium Hide mechanism for removing Zone information from file attachments.
V-1157 Medium The Smart Card removal option is set to take no action.
V-1099 Medium Lockout duration does not meet minimum requirements.
V-1098 Medium Time before bad-logon counter is reset does not meet minimum requirements.
V-2372 Medium Reversible password encryption is not disabled.
V-3383 Medium The system is not configured to use FIPS compliant Algorithms for Encryption, Hashing, and Signing.
V-1140 Medium Users with Administrative privilege are not documented or do not have separate accounts for administrative duties and normal operational tasks.
V-1097 Medium Number of allowed bad-logon attempts does not meet minimum requirements.
V-3382 Medium The system is not configured to meet the minimum requirement for session security for NTLM SSP based Clients.
V-17429 Medium Windows Firewall Private Profile - Outbound
V-3376 Medium The system is configured to permit storage of credentials or .NET Passports.
V-3377 Medium The system is configured to give anonymous users Everyone rights.
V-3374 Medium The system is not configured to require a strong session key.
V-17421 Medium Windows Firewall Domain Profile - Unicast Response
V-17422 Medium Windows Firewall Domain Profile - Apply Local Firewall Rules
V-1171 Medium Ejection of removable NTFS media is not restricted to Administrators.
V-15682 Medium RSS Attachment Downloads
V-15683 Medium Windows Explorer – Shell Protocol Protected Mode
V-1141 Medium Unencrypted password is sent to 3rd party SMB Server.
V-15685 Medium Windows Installer – User Control
V-6825 Medium A Windows system has an incorrect default DCOM authorization level.
V-6826 Medium A Windows system has a writable DCOM configuration.
V-14270 Medium Notify antivirus when file attachments are opened.
V-14271 Medium Application account passwords length and change requirement
V-17415 Medium Windows Firewall Domain Profile - Enable Firewall
V-17417 Medium Windows Firewall Public Profile - Enable Firewall
V-3458 Medium Terminal Services idle session time limit does not meet the requirement.
V-3453 Medium Terminal Services is not configured to always prompt a client for passwords upon connection.
V-17419 Medium Windows Firewall Domain Profile - Outbound Connections
V-3455 Medium Terminal Services is configured to use a common temporary folder for all sessions.
V-3454 Medium Terminal Services is not configured with the client connection encryption set to the required level.
V-15666 Medium Windows Peer to Peer Networking
V-1130 Medium ACLs for system files and directories do not conform to minimum requirements.
V-1131 Medium A password filter that enforces DoD requirements is not installed.
V-1137 Medium An Auditors group has not been created to restrict access to the Windows Event Logs.
V-15679 Medium Windows Movie Maker Online Hosting
V-15678 Medium Windows Movie Maker Web Links
V-15677 Medium Windows Movie Maker Codec Downloads
V-15674 Medium Disable Internet File Association Service
V-14241 Medium User Account Control - Switch to secure desktop
V-14240 Medium User Account Control - Run all admins in Admin Approval Mode
V-14243 Medium Require username and password to elevate a running application.
V-14242 Medium User Account Control - Non UAC Compliant Application Virtualization
V-14247 Medium Terminal Services / Remote Desktop Service - Prevent password saving in the Remote Desktop Client
V-14249 Medium Terminal Services / Remote Desktop Services - Local drives prevented from sharing with Terminal Servers.
V-14248 Medium Terminal Services / Remote Desktop Services - Prevent users from connecting using Terminal Servies or Remote Desktop.
V-1119 Medium Booting into alternate operating systems is permitted.
V-3480 Medium Media Player is configured to allow automatic checking for updates.
V-1114 Medium The built-in guest account has not been renamed.
V-6840 Medium To the extent system capabilities permit, system mechanisms are not implemented to enforce automatic expiration of passwords and to prevent reuse.
V-3426 Medium The system is configured to allow remote desktop sharing through NetMeeting.
V-1120 Medium Installed FTP server is configured to allow prohibited logins.
V-1122 Medium The system configuration is not set with a password-protected screen saver.
V-1127 Medium A non-administrator account has administrator rights on the system.
V-15667 Medium Prohibit Network Bridge in Windows
V-15698 Medium Network – Windows Connect Now Wireless Configuration
V-17416 Medium Windows Firewall Private Profile - Enable Firewall
V-14258 Medium Search Companion prevented from automatically downloading content updates.
V-14256 Medium Web Publishing and online ordering wizards prevented from downloading list of providers.
V-14257 Medium Windows Messenger prevented from collecting anonymous information.
V-14254 Medium Client computers required to authenticate for RPC communication.
V-14255 Medium File and Folder Publish to Web option unavailable.
V-14253 Medium Restrict unauthenticated RPC clients.
V-14250 Medium Prevent Automatic Updates from being run.
V-15684 Medium Windows Installer – IE Security Prompt
V-3828 Medium Security-related Software Patches are not applied.
V-15726 Medium Gadgets – User Installed Gadgets
V-32274 Medium The DoD Interoperability Root CA to DoD Root CA 2 cross certificate must be installed.
V-17442 Medium Windows Firewall Public Profile - Apply Local Firewall Rules
V-32272 Medium The DoD Root Certificate must be installed.
V-32273 Medium The External CA Root Certificate must be installed.
V-3349 Medium Windows Messenger (MSN Messenger, .NET messenger) is run at system startup.
V-3348 Medium The user is allowed to launch Windows Messenger (MSN Messenger, .NET Messenger).
V-16048 Medium Disable Help Ratings feed back.
V-15722 Medium Media DRM – Internet Access
V-1118 Medium Event log sizes do not meet minimum requirements.
V-4448 Medium Group Policy objects are not reprocessed if they have not changed.
V-3457 Medium Terminal Services is not configured to set a time limit for disconnected sessions.
V-14268 Medium Preserve Zone information when saving attachments.
V-3456 Medium Terminal Services is not configured to delete temporary folders.
V-14229 Medium Audit of Backup and Restore Privileges is not turned off.
V-14228 Medium Audit Access to Global System Objects is not turned off.
V-3385 Medium The system is configured to allow case insensitivity.
V-14225 Medium Administrator Passwords are changed when necessary.
V-14224 Medium The system does not have a backup administrator account
V-16047 Medium Built-in Admin Account Status
V-15700 Medium Device Install – PnP Interface Remote Access
V-15706 Medium Power Mgmt – Password Wake When Plugged In
V-15705 Medium Power Mgmt – Password Wake on Battery
V-17443 Medium Windows Firewall Public Profile - Apply Local Connection Rules
V-2371 Medium ACLs for disabled services do not conform to minimum standards.
V-16021 Medium Help Experience Improvement Program is disabled.
V-16020 Medium Windows Customer Experience Improvement Program is disabled.
V-1103 Medium User rights and advanced user rights settings do not meet minimum requirements.
V-1107 Medium Password uniqueness does not meet minimum requirements.
V-1105 Medium Minimum password age does not meet minimum requirements.
V-1104 Medium Maximum password age does not meet minimum requirements.
V-14239 Medium User Account Control - Elevate UIAccess applications that are in secure locations
V-14230 Medium Audit policy using subcategories is enabled.
V-14234 Medium User Account Control - Built In Admin Approval Mode
V-14235 Medium User Account Control - Behavior of elevation prompt for administrators
V-14236 Medium User Account Control - Behavior of elevation prompt for standard users.
V-14237 Medium User Account Control - Detect Application Installations
V-1113 Medium The built-in guest account is not disabled.
V-1115 Medium The built-in administrator account has not been renamed.
V-15699 Medium Network – Windows Connect Now Wizards
V-15710 Medium Online Assistance – Untrusted Content
V-15711 Medium Search – Encrypted Files Indexing
V-15713 Medium Defender – SpyNet Reporting
V-15715 Medium Error Reporting – Windows Error Reporting
V-17423 Medium Windows Firewall Domain Profile - Apply Local Connection Rules
V-1076 Low System information backups are not created, updated, and protected according to DISA requirements.
V-1075 Low The system allows shutdown from the logon dialog box.
V-1174 Low Amount of idle time required before suspending a session is improperly set.
V-1172 Low Users are not warned in advance that their passwords will expire.
V-1173 Low The default permissions of Global system objects are not increased.
V-3373 Low The maximum age for machine account passwords is not set to requirements.
V-1135 Low Printer share permissions are not configured as recommended.
V-15701 Low Device Install – Drivers System Restore Point
V-16007 Low 8dot3 Name Creation Prevented
V-26359 Low The Windows dialog box title for the legal banner must be configured.
V-3472 Low The system is configured to use an unauthorized time server.
V-1165 Low The computer account password is prevented from being reset.
V-1084 Low System pagefile is cleared upon shutdown.
V-1085 Low Floppy media devices are not allocated upon user logon.
V-17430 Low Windows Firewall Private Profile - Display Notifications
V-17436 Low Windows Firewall Private Profile - Log Dropped Packets
V-17435 Low Windows Firewall Private Profile - Log Size
V-17434 Low Windows Firewall Private Profile - Log File
V-4442 Low This check verifies that Windows is configured to have password protection take effect within a limited time frame when the screen saver becomes active.
V-1158 Low The Recovery Console SET command is enabled.
V-1150 Low The built-in Microsoft password filter is not enabled.
V-1151 Low Print driver installation privilege is not restricted to administrators.
V-1091 Low System halts once an event log has reached its maximum size.
V-3375 Low Domain Controller authentication is not required to unlock the workstation.
V-17420 Low Windows Firewall Domain Profile - Display Notifications
V-17424 Low Windows Firewall Domain Profile - Log File
V-17425 Low Windows Firewall Domain Profile - Log Size
V-17426 Low Windows Firewall Domain Profile - Log Dropped Packets
V-17427 Low Windows Firewall Domain Profile - Log Sucessful Connections
V-15686 Low Windows Installer – Vendor Signed Updates
V-15687 Low Media Player – First Use Dialog Boxes
V-1148 Low Local users exist on a workstation in a domain.
V-1112 Low User account is dormant.
V-17437 Low Windows Firewall Private Profile - Log Successful Connections
V-15707 Low Remote Assistance – Session Logging
V-1136 Low Users are not forcibly disconnected when logon hours expire.
V-15676 Low Order Prints Online
V-15675 Low Windows Registration Wizard
V-15673 Low Internet Connection Wizard ISP Downloads
V-15672 Low Event Viewer Events.asp Links
V-15671 Low Root Certificates Update
V-15680 Low Classic Logon
V-15720 Low Windows Mail – Communities
V-4438 Low TCP data retransmissions are not controlled.
V-4112 Low The system is configured to detect and configure default gateway addresses.
V-4108 Low The system does not generate an audit event when the audit log reaches a percent full threshold.
V-1128 Low Security Configuration Tools are not being used to configure platforms for security compliance.
V-17446 Low Windows Firewall Public Profile - Log Dropped Packets
V-11806 Low The system is configured to allow the display of the last user name on the logon screen.
V-17447 Low Windows Firewall Public Profile - Log Successful Connections
V-17440 Low Windows Firewall Public Profile - Display Notifications
V-17445 Low Windows Firewall Public Profile - Log Size
V-4113 Low The system is configured for a greater keep-alive time than recommended.
V-4111 Low The system is configured to redirect ICMP.
V-4110 Low The system is configured to allow IP source routing.
V-4116 Low The system is configured to allow name-release attacks.
V-15703 Low Driver Install – Device Driver Search Prompt
V-15702 Low Device Install – Generic Driver Error Report
V-17444 Low Windows Firewall Public Profile - Log File
V-15704 Low Handwriting Recognition Error Reporting (Tablet PCs)
V-17374 Low User Account Control – Executable Elevation
V-15714 Low Error Reporting – Logging
V-15709 Low Game Explorer Information Downloads
V-15708 Low Digital Locker
V-17373 Low Secure Removable Media – CD-ROM
V-15717 Low Error Reporting – Additional Data
V-14231 Low Hide Computer from the browse list.
V-14232 Low IPSec Exemptions are limited.
V-15712 Low Search – Exchange Folder Indexing
V-1090 Low Caching of logon credentials is not limited.
V-15718 Low Windows Explorer – Heap Termination
V-15719 Low Logon – Report Logon Server