WinSrv2016V2R8 Convert

2024-05-04 16:01:54 -06:00 · 2024-05-04 16:01:54 -06:00 · 82a28fc444
--- a/source/StigData/Archive/Windows.Server.2016/U_MS_Windows_Server_2016_DC_STIG_V2R8_Manual-xccdf.log
+++ b/source/StigData/Archive/Windows.Server.2016/U_MS_Windows_Server_2016_DC_STIG_V2R8_Manual-xccdf.log
@ -0,0 +1,26 @@
+V-224834::\Windows::C:\Windows
+V-224835::'    (Domain controllers only)'::''
+V-224872::"Minimum password length,"::"Minimum password length"
+V-224970::*::''
+V-224971::The following results should be displayed:::C:\Windows\SYSVOL
+V-224971::NT AUTHORITY\Authenticated Users:(RX)::Type - "Allow" for all
+V-224971::NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(GR,GE)::Inherited from - "None" for all
+V-224971::BUILTIN\Server Operators:(RX)::Principal - Access - Applies to
+V-224971::BUILTIN\Server Operators:(OI)(CI)(IO)(GR,GE)::Authenticated Users - Read & execute - This folder, subfolder, and files
+V-224971::BUILTIN\Administrators:(M,WDAC,WO)::''
+V-224971::BUILTIN\Administrators:(OI)(CI)(IO)(F)::Server Operators - Read & execute - This folder, subfolder, and files
+V-224971::NT AUTHORITY\SYSTEM:(F)::Administrators - all selected except Full control - This folder only
+V-224971::NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)::CREATOR OWNER - Full control - Subfolders and files only
+V-224971::CREATOR OWNER:(OI)(CI)(IO)(F)::Administrators - Full control - Subfolders and files only
+V-224971::(RX) - Read & execute::SYSTEM - Full control - This folder, subfolders, and files
+V-224921::Value: RequireMutualAuthentication=1, RequireIntegrity=1::Value: RequireMutualAuthentication=1,RequireIntegrity=1
+V-224924::Value: 0x00000001 (1), 0x00000003 (3), or 0x00000008 (8) (or if the Value Name does not exist)::Value: 0x00000001 (1) or 0x00000003 (3) or 0x00000008 (8) (or if the Value Name does not exist)
+V-224957::Registry Path: \SOFTWARE\ Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\::Registry Path: \SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\
+V-224936::Value: 0x00000000 (0) (Security), 0x00000001 (1) (Basic)::Value: 0x00000000 (0) (Security) or 0x00000001 (1) (Basic)
+V-225063::Value: 0x00000002 (2) (Prompt for consent on the secure desktop)::Value: 1 or 2
+V-225079::Passwords for application accounts with this user right must be protected as highly privileged accounts.::""
+V-225037::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-225088::The requirement must be documented with the ISSO.::If any accounts or groups other than the following are granted the "Perform volume maintenance tasks" user right, this is a finding.
+V-225021::Alternately, use the Certificates MMC snap-in::Subject: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US
+V-225021::Run "MMC".::Thumbprint: D37ECF61C0B4ED88681EF3630C4E2FC787B37AEFB
+V-225021::Select "File", "Add/Remove Snap-in".::NotAfter: 1/24/2053
--- a/source/StigData/Archive/Windows.Server.2016/U_MS_Windows_Server_2016_MS_STIG_V2R8_Manual-xccdf.log
+++ b/source/StigData/Archive/Windows.Server.2016/U_MS_Windows_Server_2016_MS_STIG_V2R8_Manual-xccdf.log
@ -0,0 +1,14 @@
+V-224921::Value: RequireMutualAuthentication=1, RequireIntegrity=1::Value: RequireMutualAuthentication=1,RequireIntegrity=1
+V-224924::Value: 0x00000001 (1), 0x00000003 (3), or 0x00000008 (8) (or if the Value Name does not exist)::Value: 0x00000001 (1) or 0x00000003 (3) or 0x00000008 (8) (or if the Value Name does not exist)
+V-224957::Registry Path: \SOFTWARE\ Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\::Registry Path: \SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\
+V-224936::Value: 0x00000000 (0) (Security), 0x00000001 (1) (Basic)::Value: 0x00000000 (0) (Security) or 0x00000001 (1) (Basic)
+V-225063::Value: 0x00000002 (2) (Prompt for consent on the secure desktop)::Value: 1 or 2
+V-224834::\Windows::C:\Windows
+V-224872::"Minimum password length,"::"Minimum password length"
+V-225078::- Administrators::- Administrators`r`nHyper-V
+V-225079::Passwords for application accounts with this user right must be protected as highly privileged accounts.::""
+V-225037::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-225088::The requirement must be documented with the ISSO.::If any accounts or groups other than the following are granted the "Perform volume maintenance tasks" user right, this is a finding.
+V-225021::Alternately, use the Certificates MMC snap-in::Subject: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US
+V-225021::Run "MMC".::Thumbprint: D37ECF61C0B4ED88681EF3630C4E2FC787B37AEFB
+V-225021::Select "File", "Add/Remove Snap-in".::NotAfter: 1/24/2053
--- a/source/StigData/Processed/WindowsServer-2016-DC-2.8.org.default.xml
+++ b/source/StigData/Processed/WindowsServer-2016-DC-2.8.org.default.xml
@ -0,0 +1,85 @@
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="2.8">
+  <!-- Ensure ''V-224923.b'' -match '1|3'-->
+  <OrganizationalSetting id="V-224923.b" ValueData="" />
+  <!-- Ensure ''V-224924'' -match '1|3|8|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224924" ValueData="" />
+  <!-- Ensure ''V-224936'' -match '0|1'-->
+  <OrganizationalSetting id="V-224936" ValueData="" />
+  <!-- Ensure ''V-224937'' -ge '32768'-->
+  <OrganizationalSetting id="V-224937" ValueData="" />
+  <!-- Ensure ''V-224938'' -ge '196608'-->
+  <OrganizationalSetting id="V-224938" ValueData="" />
+  <!-- Ensure ''V-224939'' -ge '32768'-->
+  <OrganizationalSetting id="V-224939" ValueData="" />
+  <!-- Ensure ''V-224941'' -match '0|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224941" ValueData="" />
+  <!-- Ensure ''V-224942'' -match '0|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224942" ValueData="" />
+  <!-- Ensure ''V-224943'' -match '0|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224943" ValueData="" />
+  <!-- Ensure ''V-224951'' -match '0|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224951" ValueData="" />
+  <!-- Ensure ''V-224955'' -match '0|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224955" ValueData="" />
+  <!-- Ensure ''V-224966'' -le '600' -and ''V-224966'' -ne '0'-->
+  <OrganizationalSetting id="V-224966" PolicyValue="" />
+  <!-- Ensure ''V-224967'' -le '10' -and ''V-224967'' -ne '0'-->
+  <OrganizationalSetting id="V-224967" PolicyValue="" />
+  <!-- Ensure ''V-224968'' -le '7'-->
+  <OrganizationalSetting id="V-224968" PolicyValue="" />
+  <!-- Ensure ''V-224969'' -le '5'-->
+  <OrganizationalSetting id="V-224969" PolicyValue="" />
+  <!-- Ensure location for DoD Root CA 3 certificate is present-->
+  <OrganizationalSetting id="V-225021.a" Location="" />
+  <!-- Ensure location for DoD Root CA 4 certificate is present-->
+  <OrganizationalSetting id="V-225021.b" Location="" />
+  <!-- Ensure location for DoD Root CA 5 certificate is present-->
+  <OrganizationalSetting id="V-225021.c" Location="" />
+  <!-- Ensure location for DoD Root CA 6 certificate is present-->
+  <OrganizationalSetting id="V-225021.d" Location="" />
+  <!-- Ensure location for DoD Root CA 6 certificate is present-->
+  <OrganizationalSetting id="V-225021.e" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-225022" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-225023" Location="" />
+  <!-- Ensure ''V-225033'' -le '30' -and ''V-225033'' -gt '0'-->
+  <OrganizationalSetting id="V-225033" ValueData="" />
+  <!-- Ensure ''V-225035'' -le '900' -and ''V-225035'' -gt '0'-->
+  <OrganizationalSetting id="V-225035" ValueData="" />
+  <!-- Ensure 'V-225036' is set to the required legal notice before logon-->
+  <OrganizationalSetting id="V-225036" ValueData="" />
+  <!-- Ensure ''V-225037'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
+  <OrganizationalSetting id="V-225037" ValueData="" />
+  <!-- Ensure ''V-225038'' -match '1|2'-->
+  <OrganizationalSetting id="V-225038" ValueData="" />
+  <!-- Ensure ''V-225063'' -match '1|2'-->
+  <OrganizationalSetting id="V-225063" ValueData="" />
+  <!-- Ensure ''V-225069'' -match '2|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-225069" ValueData="" />
+  <!-- Ensure ''V-224866'' -ge '15' -or ''V-224866'' -eq '0'-->
+  <OrganizationalSetting id="V-224866" PolicyValue="" />
+  <!-- Ensure ''V-224867'' -le '3' -and ''V-224867'' -ne '0'-->
+  <OrganizationalSetting id="V-224867" PolicyValue="" />
+  <!-- Ensure ''V-224868'' -ge '15'-->
+  <OrganizationalSetting id="V-224868" PolicyValue="" />
+  <!-- Ensure ''V-224869'' -ge '24'-->
+  <OrganizationalSetting id="V-224869" PolicyValue="" />
+  <!-- Ensure ''V-224870'' -le '60' -and ''V-224870'' -ne '0'-->
+  <OrganizationalSetting id="V-224870" PolicyValue="" />
+  <!-- Ensure ''V-224871'' -ne '0'-->
+  <OrganizationalSetting id="V-224871" PolicyValue="" />
+  <!-- Ensure ''V-224872'' -ge '14'-->
+  <OrganizationalSetting id="V-224872" PolicyValue="" />
+  <!-- Ensure ''V-225026'' -ne 'Administrator'-->
+  <OrganizationalSetting id="V-225026" OptionValue="" />
+  <!-- Ensure ''V-225027'' -ne 'Guest'-->
+  <OrganizationalSetting id="V-225027" OptionValue="" />
+</OrganizationalSettings>
--- a/source/StigData/Processed/WindowsServer-2016-DC-2.8.xml
+++ b/source/StigData/Processed/WindowsServer-2016-DC-2.8.xml
--- a/source/StigData/Processed/WindowsServer-2016-MS-2.8.org.default.xml
+++ b/source/StigData/Processed/WindowsServer-2016-MS-2.8.org.default.xml
@ -0,0 +1,83 @@
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="2.8">
+  <!-- Ensure ''V-224923.b'' -match '1|3'-->
+  <OrganizationalSetting id="V-224923.b" ValueData="" />
+  <!-- Ensure ''V-224924'' -match '1|3|8|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224924" ValueData="" />
+  <!-- Ensure ''V-224936'' -match '0|1'-->
+  <OrganizationalSetting id="V-224936" ValueData="" />
+  <!-- Ensure ''V-224937'' -ge '32768'-->
+  <OrganizationalSetting id="V-224937" ValueData="" />
+  <!-- Ensure ''V-224938'' -ge '196608'-->
+  <OrganizationalSetting id="V-224938" ValueData="" />
+  <!-- Ensure ''V-224939'' -ge '32768'-->
+  <OrganizationalSetting id="V-224939" ValueData="" />
+  <!-- Ensure ''V-224941'' -match '0|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224941" ValueData="" />
+  <!-- Ensure ''V-224942'' -match '0|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224942" ValueData="" />
+  <!-- Ensure ''V-224943'' -match '0|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224943" ValueData="" />
+  <!-- Ensure ''V-224951'' -match '0|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224951" ValueData="" />
+  <!-- Ensure ''V-224955'' -match '0|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-224955" ValueData="" />
+  <!-- Ensure ''V-225011'' -le '4'-->
+  <OrganizationalSetting id="V-225011" ValueData="" />
+  <!-- Ensure location for DoD Root CA 3 certificate is present-->
+  <OrganizationalSetting id="V-225021.a" Location="" />
+  <!-- Ensure location for DoD Root CA 4 certificate is present-->
+  <OrganizationalSetting id="V-225021.b" Location="" />
+  <!-- Ensure location for DoD Root CA 5 certificate is present-->
+  <OrganizationalSetting id="V-225021.c" Location="" />
+  <!-- Ensure location for DoD Root CA 6 certificate is present-->
+  <OrganizationalSetting id="V-225021.d" Location="" />
+  <!-- Ensure location for DoD Root CA 6 certificate is present-->
+  <OrganizationalSetting id="V-225021.e" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-225022" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-225023" Location="" />
+  <!-- Ensure ''V-225033'' -le '30' -and ''V-225033'' -gt '0'-->
+  <OrganizationalSetting id="V-225033" ValueData="" />
+  <!-- Ensure ''V-225035'' -le '900' -and ''V-225035'' -gt '0'-->
+  <OrganizationalSetting id="V-225035" ValueData="" />
+  <!-- Ensure 'V-225036' is set to the required legal notice before logon-->
+  <OrganizationalSetting id="V-225036" ValueData="" />
+  <!-- Ensure ''V-225037'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
+  <OrganizationalSetting id="V-225037" ValueData="" />
+  <!-- Ensure ''V-225038'' -match '1|2'-->
+  <OrganizationalSetting id="V-225038" ValueData="" />
+  <!-- Ensure ''V-225063'' -match '1|2'-->
+  <OrganizationalSetting id="V-225063" ValueData="" />
+  <!-- Ensure ''V-225069'' -match '2|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-225069" ValueData="" />
+  <!-- Ensure ''V-224866'' -ge '15' -or ''V-224866'' -eq '0'-->
+  <OrganizationalSetting id="V-224866" PolicyValue="" />
+  <!-- Ensure ''V-224867'' -le '3' -and ''V-224867'' -ne '0'-->
+  <OrganizationalSetting id="V-224867" PolicyValue="" />
+  <!-- Ensure ''V-224868'' -ge '15'-->
+  <OrganizationalSetting id="V-224868" PolicyValue="" />
+  <!-- Ensure ''V-224869'' -ge '24'-->
+  <OrganizationalSetting id="V-224869" PolicyValue="" />
+  <!-- Ensure ''V-224870'' -le '60' -and ''V-224870'' -ne '0'-->
+  <OrganizationalSetting id="V-224870" PolicyValue="" />
+  <!-- Ensure ''V-224871'' -ne '0'-->
+  <OrganizationalSetting id="V-224871" PolicyValue="" />
+  <!-- Ensure ''V-224872'' -ge '14'-->
+  <OrganizationalSetting id="V-224872" PolicyValue="" />
+  <!-- Ensure ''V-225015'' -match 'Enterprise Admins,Domain Admins,(Local account and member of Administrators group|Local account),Guests'-->
+  <OrganizationalSetting id="V-225015" Identity="" />
+  <!-- Ensure ''V-225026'' -ne 'Administrator'-->
+  <OrganizationalSetting id="V-225026" OptionValue="" />
+  <!-- Ensure ''V-225027'' -ne 'Guest'-->
+  <OrganizationalSetting id="V-225027" OptionValue="" />
+  <!-- Ensure ''V-225078'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
+  <OrganizationalSetting id="V-225078" Identity="" />
+</OrganizationalSettings>
--- a/source/StigData/Processed/WindowsServer-2016-MS-2.8.xml
+++ b/source/StigData/Processed/WindowsServer-2016-MS-2.8.xml