Initial Conversion

2023-05-19 10:41:11 -06:00 · 2023-05-19 10:41:11 -06:00 · 490b9e59e9
--- a/source/StigData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_DC_STIG_V1R3_Manual-xccdf.log
+++ b/source/StigData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_DC_STIG_V1R3_Manual-xccdf.log
@ -0,0 +1,19 @@
+V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
+V-254255::*::''
+V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
+V-254291::"Minimum password length,"::"Minimum password length"
+V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
+V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
+V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
+V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
+V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
+V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
+V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.
--- a/source/StigData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_MS_STIG_V1R3_Manual-xccdf.log
+++ b/source/StigData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_MS_STIG_V1R3_Manual-xccdf.log
@ -0,0 +1,19 @@
+V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
+V-254255::*::''
+V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
+V-254291::"Minimum password length,"::"Minimum password length"
+V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
+V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
+V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
+V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
+V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
+V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
+V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.
--- a/source/StigData/Processed/WindowsServer-2022-DC-1.3.org.default.xml
+++ b/source/StigData/Processed/WindowsServer-2022-DC-1.3.org.default.xml
@ -0,0 +1,75 @@
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="1.3">
+  <!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
+  <OrganizationalSetting id="V-254248" ServiceName="" StartupType="" />
+  <!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
+  <OrganizationalSetting id="V-254265" ServiceName="" StartupType="" />
+  <!-- Ensure ''V-254343.b'' -match '1|3'-->
+  <OrganizationalSetting id="V-254343.b" ValueData="" />
+  <!-- Ensure ''V-254344'' -match '1|3|8|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-254344" ValueData="" />
+  <!-- Ensure ''V-254357'' -match '0|1|2|99|100'-->
+  <OrganizationalSetting id="V-254357" ValueData="" />
+  <!-- Ensure ''V-254358'' -ge '32768'-->
+  <OrganizationalSetting id="V-254358" ValueData="" />
+  <!-- Ensure ''V-254359'' -ge '196608'-->
+  <OrganizationalSetting id="V-254359" ValueData="" />
+  <!-- Ensure ''V-254360'' -ge '32768'-->
+  <OrganizationalSetting id="V-254360" ValueData="" />
+  <!-- Ensure ''V-254387'' -le '600' -and ''V-254387'' -ne '0'-->
+  <OrganizationalSetting id="V-254387" PolicyValue="" />
+  <!-- Ensure ''V-254388'' -le '10' -and ''V-254388'' -ne '0'-->
+  <OrganizationalSetting id="V-254388" PolicyValue="" />
+  <!-- Ensure ''V-254389'' -le '7'-->
+  <OrganizationalSetting id="V-254389" PolicyValue="" />
+  <!-- Ensure ''V-254390'' -le '5'-->
+  <OrganizationalSetting id="V-254390" PolicyValue="" />
+  <!-- Ensure location for DoD Root CA 3 certificate is present-->
+  <OrganizationalSetting id="V-254442.a" Location="" />
+  <!-- Ensure location for DoD Root CA 4 certificate is present-->
+  <OrganizationalSetting id="V-254442.b" Location="" />
+  <!-- Ensure location for DoD Root CA 5 certificate is present-->
+  <OrganizationalSetting id="V-254442.c" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254443" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254444" Location="" />
+  <!-- Ensure ''V-254454'' -le '30' -and ''V-254454'' -gt '0'-->
+  <OrganizationalSetting id="V-254454" ValueData="" />
+  <!-- Ensure ''V-254456'' -le '900' -and ''V-254456'' -gt '0'-->
+  <OrganizationalSetting id="V-254456" ValueData="" />
+  <!-- Ensure 'V-254457' is set to the required legal notice before logon-->
+  <OrganizationalSetting id="V-254457" ValueData="" />
+  <!-- Ensure ''V-254458'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
+  <OrganizationalSetting id="V-254458" ValueData="" />
+  <!-- Ensure ''V-254459'' -match '1|2'-->
+  <OrganizationalSetting id="V-254459" ValueData="" />
+  <!-- Ensure ''V-254484'' -match '1|2'-->
+  <OrganizationalSetting id="V-254484" ValueData="" />
+  <!-- Ensure ''V-254285'' -ge '15' -or ''V-254285'' -eq '0'-->
+  <OrganizationalSetting id="V-254285" PolicyValue="" />
+  <!-- Ensure ''V-254286'' -le '3' -and ''V-254286'' -ne '0'-->
+  <OrganizationalSetting id="V-254286" PolicyValue="" />
+  <!-- Ensure ''V-254287'' -ge '15'-->
+  <OrganizationalSetting id="V-254287" PolicyValue="" />
+  <!-- Ensure ''V-254288'' -ge '24'-->
+  <OrganizationalSetting id="V-254288" PolicyValue="" />
+  <!-- Ensure ''V-254289'' -le '60' -and ''V-254289'' -ne '0'-->
+  <OrganizationalSetting id="V-254289" PolicyValue="" />
+  <!-- Ensure ''V-254290'' -ne '0'-->
+  <OrganizationalSetting id="V-254290" PolicyValue="" />
+  <!-- Ensure ''V-254291'' -ge '14'-->
+  <OrganizationalSetting id="V-254291" PolicyValue="" />
+  <!-- Ensure ''V-254447'' -ne 'Administrator'-->
+  <OrganizationalSetting id="V-254447" OptionValue="" />
+  <!-- Ensure ''V-254448'' -ne 'Guest'-->
+  <OrganizationalSetting id="V-254448" OptionValue="" />
+  <!-- Ensure ''V-254499'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
+  <OrganizationalSetting id="V-254499" Identity="" />
+</OrganizationalSettings>
--- a/source/StigData/Processed/WindowsServer-2022-DC-1.3.xml
+++ b/source/StigData/Processed/WindowsServer-2022-DC-1.3.xml
--- a/source/StigData/Processed/WindowsServer-2022-MS-1.3.org.default.xml
+++ b/source/StigData/Processed/WindowsServer-2022-MS-1.3.org.default.xml
@ -0,0 +1,71 @@
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="1.3">
+  <!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
+  <OrganizationalSetting id="V-254248" ServiceName="" StartupType="" />
+  <!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
+  <OrganizationalSetting id="V-254265" ServiceName="" StartupType="" />
+  <!-- Ensure ''V-254343.b'' -match '1|3'-->
+  <OrganizationalSetting id="V-254343.b" ValueData="" />
+  <!-- Ensure ''V-254344'' -match '1|3|8|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-254344" ValueData="" />
+  <!-- Ensure ''V-254357'' -match '0|1|2|99|100'-->
+  <OrganizationalSetting id="V-254357" ValueData="" />
+  <!-- Ensure ''V-254358'' -ge '32768'-->
+  <OrganizationalSetting id="V-254358" ValueData="" />
+  <!-- Ensure ''V-254359'' -ge '196608'-->
+  <OrganizationalSetting id="V-254359" ValueData="" />
+  <!-- Ensure ''V-254360'' -ge '32768'-->
+  <OrganizationalSetting id="V-254360" ValueData="" />
+  <!-- Ensure ''V-254432'' -le '4'-->
+  <OrganizationalSetting id="V-254432" ValueData="" />
+  <!-- Ensure location for DoD Root CA 3 certificate is present-->
+  <OrganizationalSetting id="V-254442.a" Location="" />
+  <!-- Ensure location for DoD Root CA 4 certificate is present-->
+  <OrganizationalSetting id="V-254442.b" Location="" />
+  <!-- Ensure location for DoD Root CA 5 certificate is present-->
+  <OrganizationalSetting id="V-254442.c" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254443" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254444" Location="" />
+  <!-- Ensure ''V-254454'' -le '30' -and ''V-254454'' -gt '0'-->
+  <OrganizationalSetting id="V-254454" ValueData="" />
+  <!-- Ensure ''V-254456'' -le '900' -and ''V-254456'' -gt '0'-->
+  <OrganizationalSetting id="V-254456" ValueData="" />
+  <!-- Ensure 'V-254457' is set to the required legal notice before logon-->
+  <OrganizationalSetting id="V-254457" ValueData="" />
+  <!-- Ensure ''V-254458'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
+  <OrganizationalSetting id="V-254458" ValueData="" />
+  <!-- Ensure ''V-254459'' -match '1|2'-->
+  <OrganizationalSetting id="V-254459" ValueData="" />
+  <!-- Ensure ''V-254484'' -match '1|2'-->
+  <OrganizationalSetting id="V-254484" ValueData="" />
+  <!-- Ensure ''V-254285'' -ge '15' -or ''V-254285'' -eq '0'-->
+  <OrganizationalSetting id="V-254285" PolicyValue="" />
+  <!-- Ensure ''V-254286'' -le '3' -and ''V-254286'' -ne '0'-->
+  <OrganizationalSetting id="V-254286" PolicyValue="" />
+  <!-- Ensure ''V-254287'' -ge '15'-->
+  <OrganizationalSetting id="V-254287" PolicyValue="" />
+  <!-- Ensure ''V-254288'' -ge '24'-->
+  <OrganizationalSetting id="V-254288" PolicyValue="" />
+  <!-- Ensure ''V-254289'' -le '60' -and ''V-254289'' -ne '0'-->
+  <OrganizationalSetting id="V-254289" PolicyValue="" />
+  <!-- Ensure ''V-254290'' -ne '0'-->
+  <OrganizationalSetting id="V-254290" PolicyValue="" />
+  <!-- Ensure ''V-254291'' -ge '14'-->
+  <OrganizationalSetting id="V-254291" PolicyValue="" />
+  <!-- Ensure ''V-254435'' -match 'Enterprise Admins,Domain Admins,(Local account and member of Administrators group|Local account),Guests'-->
+  <OrganizationalSetting id="V-254435" Identity="" />
+  <!-- Ensure ''V-254447'' -ne 'Administrator'-->
+  <OrganizationalSetting id="V-254447" OptionValue="" />
+  <!-- Ensure ''V-254448'' -ne 'Guest'-->
+  <OrganizationalSetting id="V-254448" OptionValue="" />
+  <!-- Ensure ''V-254499'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
+  <OrganizationalSetting id="V-254499" Identity="" />
+</OrganizationalSettings>
--- a/source/StigData/Processed/WindowsServer-2022-MS-1.3.xml
+++ b/source/StigData/Processed/WindowsServer-2022-MS-1.3.xml