microsoft
/
PowerStig
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Initial Conversion

This commit is contained in:
Russell Anderson 2023-05-19 10:41:11 -06:00
Родитель 213cefd67c
Коммит 490b9e59e9
6 изменённых файлов: 14634 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

19
source/StigData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_DC_STIG_V1R3_Manual-xccdf.log Normal file
Просмотреть файл

@ -0,0 +1,19 @@
V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
V-254255::*::''
V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
V-254291::"Minimum password length,"::"Minimum password length"
V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.

19
source/StigData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_MS_STIG_V1R3_Manual-xccdf.log Normal file
Просмотреть файл

@ -0,0 +1,19 @@
V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
V-254255::*::''
V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
V-254291::"Minimum password length,"::"Minimum password length"
V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.

75
source/StigData/Processed/WindowsServer-2022-DC-1.3.org.default.xml Normal file
Просмотреть файл

@ -0,0 +1,75 @@
<!--
The organizational settings file is used to define the local organizations
preferred setting within an allowed range of the STIG.
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="1.3">
<!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
<OrganizationalSetting id="V-254248" ServiceName="" StartupType="" />
<!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
<OrganizationalSetting id="V-254265" ServiceName="" StartupType="" />
<!-- Ensure ''V-254343.b'' -match '1|3'-->
<OrganizationalSetting id="V-254343.b" ValueData="" />
<!-- Ensure ''V-254344'' -match '1|3|8|ShouldBeAbsent'-->
<OrganizationalSetting id="V-254344" ValueData="" />
<!-- Ensure ''V-254357'' -match '0|1|2|99|100'-->
<OrganizationalSetting id="V-254357" ValueData="" />
<!-- Ensure ''V-254358'' -ge '32768'-->
<OrganizationalSetting id="V-254358" ValueData="" />
<!-- Ensure ''V-254359'' -ge '196608'-->
<OrganizationalSetting id="V-254359" ValueData="" />
<!-- Ensure ''V-254360'' -ge '32768'-->
<OrganizationalSetting id="V-254360" ValueData="" />
<!-- Ensure ''V-254387'' -le '600' -and ''V-254387'' -ne '0'-->
<OrganizationalSetting id="V-254387" PolicyValue="" />
<!-- Ensure ''V-254388'' -le '10' -and ''V-254388'' -ne '0'-->
<OrganizationalSetting id="V-254388" PolicyValue="" />
<!-- Ensure ''V-254389'' -le '7'-->
<OrganizationalSetting id="V-254389" PolicyValue="" />
<!-- Ensure ''V-254390'' -le '5'-->
<OrganizationalSetting id="V-254390" PolicyValue="" />
<!-- Ensure location for DoD Root CA 3 certificate is present-->
<OrganizationalSetting id="V-254442.a" Location="" />
<!-- Ensure location for DoD Root CA 4 certificate is present-->
<OrganizationalSetting id="V-254442.b" Location="" />
<!-- Ensure location for DoD Root CA 5 certificate is present-->
<OrganizationalSetting id="V-254442.c" Location="" />
<!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254443" Location="" />
<!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254444" Location="" />
<!-- Ensure ''V-254454'' -le '30' -and ''V-254454'' -gt '0'-->
<OrganizationalSetting id="V-254454" ValueData="" />
<!-- Ensure ''V-254456'' -le '900' -and ''V-254456'' -gt '0'-->
<OrganizationalSetting id="V-254456" ValueData="" />
<!-- Ensure 'V-254457' is set to the required legal notice before logon-->
<OrganizationalSetting id="V-254457" ValueData="" />
<!-- Ensure ''V-254458'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
<OrganizationalSetting id="V-254458" ValueData="" />
<!-- Ensure ''V-254459'' -match '1|2'-->
<OrganizationalSetting id="V-254459" ValueData="" />
<!-- Ensure ''V-254484'' -match '1|2'-->
<OrganizationalSetting id="V-254484" ValueData="" />
<!-- Ensure ''V-254285'' -ge '15' -or ''V-254285'' -eq '0'-->
<OrganizationalSetting id="V-254285" PolicyValue="" />
<!-- Ensure ''V-254286'' -le '3' -and ''V-254286'' -ne '0'-->
<OrganizationalSetting id="V-254286" PolicyValue="" />
<!-- Ensure ''V-254287'' -ge '15'-->
<OrganizationalSetting id="V-254287" PolicyValue="" />
<!-- Ensure ''V-254288'' -ge '24'-->
<OrganizationalSetting id="V-254288" PolicyValue="" />
<!-- Ensure ''V-254289'' -le '60' -and ''V-254289'' -ne '0'-->
<OrganizationalSetting id="V-254289" PolicyValue="" />
<!-- Ensure ''V-254290'' -ne '0'-->
<OrganizationalSetting id="V-254290" PolicyValue="" />
<!-- Ensure ''V-254291'' -ge '14'-->
<OrganizationalSetting id="V-254291" PolicyValue="" />
<!-- Ensure ''V-254447'' -ne 'Administrator'-->
<OrganizationalSetting id="V-254447" OptionValue="" />
<!-- Ensure ''V-254448'' -ne 'Guest'-->
<OrganizationalSetting id="V-254448" OptionValue="" />
<!-- Ensure ''V-254499'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
<OrganizationalSetting id="V-254499" Identity="" />
</OrganizationalSettings>

7775
source/StigData/Processed/WindowsServer-2022-DC-1.3.xml Normal file
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

71
source/StigData/Processed/WindowsServer-2022-MS-1.3.org.default.xml Normal file
Просмотреть файл

@ -0,0 +1,71 @@
<!--
The organizational settings file is used to define the local organizations
preferred setting within an allowed range of the STIG.
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="1.3">
<!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
<OrganizationalSetting id="V-254248" ServiceName="" StartupType="" />
<!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
<OrganizationalSetting id="V-254265" ServiceName="" StartupType="" />
<!-- Ensure ''V-254343.b'' -match '1|3'-->
<OrganizationalSetting id="V-254343.b" ValueData="" />
<!-- Ensure ''V-254344'' -match '1|3|8|ShouldBeAbsent'-->
<OrganizationalSetting id="V-254344" ValueData="" />
<!-- Ensure ''V-254357'' -match '0|1|2|99|100'-->
<OrganizationalSetting id="V-254357" ValueData="" />
<!-- Ensure ''V-254358'' -ge '32768'-->
<OrganizationalSetting id="V-254358" ValueData="" />
<!-- Ensure ''V-254359'' -ge '196608'-->
<OrganizationalSetting id="V-254359" ValueData="" />
<!-- Ensure ''V-254360'' -ge '32768'-->
<OrganizationalSetting id="V-254360" ValueData="" />
<!-- Ensure ''V-254432'' -le '4'-->
<OrganizationalSetting id="V-254432" ValueData="" />
<!-- Ensure location for DoD Root CA 3 certificate is present-->
<OrganizationalSetting id="V-254442.a" Location="" />
<!-- Ensure location for DoD Root CA 4 certificate is present-->
<OrganizationalSetting id="V-254442.b" Location="" />
<!-- Ensure location for DoD Root CA 5 certificate is present-->
<OrganizationalSetting id="V-254442.c" Location="" />
<!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254443" Location="" />
<!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254444" Location="" />
<!-- Ensure ''V-254454'' -le '30' -and ''V-254454'' -gt '0'-->
<OrganizationalSetting id="V-254454" ValueData="" />
<!-- Ensure ''V-254456'' -le '900' -and ''V-254456'' -gt '0'-->
<OrganizationalSetting id="V-254456" ValueData="" />
<!-- Ensure 'V-254457' is set to the required legal notice before logon-->
<OrganizationalSetting id="V-254457" ValueData="" />
<!-- Ensure ''V-254458'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
<OrganizationalSetting id="V-254458" ValueData="" />
<!-- Ensure ''V-254459'' -match '1|2'-->
<OrganizationalSetting id="V-254459" ValueData="" />
<!-- Ensure ''V-254484'' -match '1|2'-->
<OrganizationalSetting id="V-254484" ValueData="" />
<!-- Ensure ''V-254285'' -ge '15' -or ''V-254285'' -eq '0'-->
<OrganizationalSetting id="V-254285" PolicyValue="" />
<!-- Ensure ''V-254286'' -le '3' -and ''V-254286'' -ne '0'-->
<OrganizationalSetting id="V-254286" PolicyValue="" />
<!-- Ensure ''V-254287'' -ge '15'-->
<OrganizationalSetting id="V-254287" PolicyValue="" />
<!-- Ensure ''V-254288'' -ge '24'-->
<OrganizationalSetting id="V-254288" PolicyValue="" />
<!-- Ensure ''V-254289'' -le '60' -and ''V-254289'' -ne '0'-->
<OrganizationalSetting id="V-254289" PolicyValue="" />
<!-- Ensure ''V-254290'' -ne '0'-->
<OrganizationalSetting id="V-254290" PolicyValue="" />
<!-- Ensure ''V-254291'' -ge '14'-->
<OrganizationalSetting id="V-254291" PolicyValue="" />
<!-- Ensure ''V-254435'' -match 'Enterprise Admins,Domain Admins,(Local account and member of Administrators group|Local account),Guests'-->
<OrganizationalSetting id="V-254435" Identity="" />
<!-- Ensure ''V-254447'' -ne 'Administrator'-->
<OrganizationalSetting id="V-254447" OptionValue="" />
<!-- Ensure ''V-254448'' -ne 'Guest'-->
<OrganizationalSetting id="V-254448" OptionValue="" />
<!-- Ensure ''V-254499'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
<OrganizationalSetting id="V-254499" Identity="" />
</OrganizationalSettings>

6675
source/StigData/Processed/WindowsServer-2022-MS-1.3.xml Normal file
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу