Security Technical Implementation Guides (STIGs)

Vulnerability ID	Severity	Description
V-254247	Medium	Windows Server 2022 must be maintained at a supported servicing level
V-254355	Medium	Windows Server 2022 administrator accounts must not be enumerated during elevation
V-254289	Medium	Windows Server 2022 maximum password age must be configured to 60 days or less
V-254447	Medium	Windows Server 2022 built-in administrator account must be renamed
V-254291	Medium	Windows Server 2022 minimum password length must be configured to 14 characters
V-254290	Medium	Windows Server 2022 minimum password age must be configured to at least one day
V-254351	Low	Windows Server 2022 Application Compatibility Program Inventory must be prevented from collecting...
V-254448	Medium	Windows Server 2022 built-in guest account must be renamed
V-254424	Medium	Windows Server 2022 Deny log on locally user right on domain controllers must be configured to pr...
V-254438	Medium	Windows Server 2022 Deny log on locally user right on domain-joined member servers must be config...
V-254440	Medium	Windows Server 2022 Enable computer and user accounts to be trusted for delegation user right mus...
V-254426	Medium	Windows Server 2022 Enable computer and user accounts to be trusted for delegation user right mus...
V-254446	High	Windows Server 2022 must prevent local accounts with blank passwords from being used from the net...
V-254429	Medium	Windows Server 2022 local administrator accounts must have their privileged token filtered to pre...
V-254445	Medium	Windows Server 2022 must have the built-in guest account disabled
V-254250	High	Windows Server 2022 local volumes must use a format that supports NTFS attributes
V-254372	Medium	Windows Server 2022 must prevent Indexing of encrypted files
V-254494	Medium	Windows Server 2022 back up files and directories user right must only be assigned to the Adminis...
V-254317	Medium	Windows Server 2022 must be configured to audit Object Access - Removable Storage successes
V-254285	Medium	Windows Server 2022 account lockout duration must be configured to 15 minutes or greater
V-254342	Medium	Windows Server 2022 must be configured to enable Remote host allows delegation of nonexportable c...
V-254376	Medium	Windows Server 2022 must disable automatically signing in the last interactive user after a syste...
V-254292	Medium	Windows Server 2022 must have the built-in Windows password complexity policy enabled
V-254287	Medium	Windows Server 2022 must have the period of time before the bad logon counter is reset configured...
V-254257	Medium	Windows Server 2022 accounts must require passwords
V-254293	High	Windows Server 2022 reversible password encryption must be disabled
V-254453	Medium	Windows Server 2022 computer account password must not be prevented from being reset
V-254286	Medium	Windows Server 2022 must have the number of allowed bad logon attempts configured to three or less
V-254483	Medium	Windows Server 2022 UIAccess applications must not be allowed to prompt for elevation without usi...
V-254482	Medium	Windows Server 2022 User Account Control (UAC) approval mode for the built-in Administrator must ...
V-254485	Medium	Windows Server 2022 User Account Control (UAC) must automatically deny standard user requests for...
V-254488	Medium	Windows Server 2022 User Account Control (UAC) must run all administrators in Admin Approval Mode...
V-254486	Medium	Windows Server 2022 User Account Control (UAC) must be configured to detect application installat...
V-254489	Medium	Windows Server 2022 User Account Control (UAC) must virtualize file and registry write failures t...
V-254484	Medium	Windows Server 2022 User Account Control (UAC) must, at a minimum, prompt administrators for cons...
V-254487	Medium	Windows Server 2022 User Account Control (UAC) must only elevate UIAccess applications that are i...
V-254349	Medium	Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (on b...
V-254350	Medium	Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (plug...
V-254479	Medium	Windows Server 2022 users must be required to enter a password to access private keys stored on t...
V-254341	Medium	Windows Server 2022 command line data must be included in process creation events
V-254299	Medium	Windows Server 2022 Event Viewer must be protected from unauthorized modification and deletion
V-254358	Medium	Windows Server 2022 Application event log size must be configured to 32768 KB or greater
V-254359	Medium	Windows Server 2022 Security event log size must be configured to 196608 KB or greater
V-254360	Medium	Windows Server 2022 System event log size must be configured to 32768 KB or greater
V-254449	Medium	Windows Server 2022 must force audit policy subcategory settings to override audit policy categor...
V-254297	Medium	Windows Server 2022 permissions for the Security event log must prevent access by nonprivileged a...
V-254298	Medium	Windows Server 2022 permissions for the System event log must prevent access by nonprivileged acc...
V-254352	High	Windows Server 2022 Autoplay must be turned off for nonvolume devices
V-254354	High	Windows Server 2022 AutoPlay must be disabled for all drives
V-254353	High	Windows Server 2022 default AutoRun behavior must be configured to prevent AutoRun commands
V-254334	Medium	Windows Server 2022 must have WDigest Authentication disabled
V-254500	High	Windows Server 2022 debug programs user right must only be assigned to the Administrators group
V-254417	Medium	Windows Server 2022 domain controllers must be configured to allow reset of machine account passw...
V-254416	Medium	Windows Server 2022 domain controllers must require LDAP access signing
V-254391	High	Windows Server 2022 permissions on the Active Directory data files must only allow System and Adm...
V-254392	High	Windows Server 2022 Active Directory SYSVOL directory must have the proper access control permiss...
V-254427	Medium	The password for the krbtgt account on a domain must be reset at least every 180 days
V-254441	High	Windows Server 2022 must be running Credential Guard on domain-joined member servers
V-254432	Medium	Windows Server 2022 must limit the caching of logon credentials to four or less on domain-joined ...
V-254450	Medium	Windows Server 2022 setting Domain member: Digitally encrypt or sign secure channel data (always)...
V-254451	Medium	Windows Server 2022 setting Domain member: Digitally encrypt secure channel data (when possible) ...
V-254452	Medium	Windows Server 2022 setting Domain member: Digitally sign secure channel data (when possible) mus...
V-254345	Medium	Windows Server 2022 group policy objects must be reprocessed even if they have not changed
V-254340	Medium	Windows Server 2022 hardened Universal Naming Convention (UNC) paths must be defined to require m...
V-254430	Medium	Windows Server 2022 local users on domain-joined member servers must not be enumerated
V-254454	Medium	Windows Server 2022 maximum age for machine account passwords must be configured to 30 days or less
V-254476	Medium	Windows Server 2022 must be configured to at least negotiate signing for LDAP client signing
V-254364	Medium	Windows Server 2022 File Explorer shell protocol must run in protected mode
V-254248	Medium	Windows Server 2022 must use an antivirus program
V-254346	Medium	Windows Server 2022 downloading print driver packages over HTTP must be turned off
V-254344	Medium	Windows Server 2022 Early Launch Antimalware, Boot-Start Driver Initialization Policy must preven...
V-254456	Medium	Windows Server 2022 machine inactivity limit must be set to 15 minutes or less, locking the syste...
V-254347	Medium	Windows Server 2022 printing over HTTP must be turned off
V-254361	Medium	Windows Server 2022 Microsoft Defender antivirus SmartScreen must be enabled
V-254333	Medium	Windows Server 2022 must prevent the display of slide shows on the lock screen
V-254265	Medium	Windows Server 2022 must have a host-based firewall installed and enabled
V-254371	Medium	Windows Server 2022 must disable Basic authentication for RSS feeds over HTTP
V-254348	Medium	Windows Server 2022 network selection user interface (UI) must not be displayed on the logon screen
V-254370	Medium	Windows Server 2022 must prevent attachments from being downloaded from RSS feeds
V-254457	Medium	Windows Server 2022 required legal notice must be configured to display before console logon
V-254466	High	Windows Server 2022 must not allow anonymous enumeration of Security Account Manager (SAM) accounts
V-254467	High	Windows Server 2022 must not allow anonymous enumeration of shares
V-254339	Medium	Windows Server 2022 insecure logons to an SMB server must be disabled
V-254473	Medium	Windows Server 2022 Kerberos encryption types must be configured to prevent the use of DES and RC...
V-254460	Medium	Windows Server 2022 setting Microsoft network client: Digitally sign communications (always) must...
V-254475	High	Windows Server 2022 LAN Manager authentication level must be configured to send NTLMv2 response o...
V-254461	Medium	Windows Server 2022 setting Microsoft network client: Digitally sign communications (if server ag...
V-254463	Medium	Windows Server 2022 setting Microsoft network server: Digitally sign communications (always) must...
V-254464	Medium	Windows Server 2022 setting Microsoft network server: Digitally sign communications (if client ag...
V-254468	Medium	Windows Server 2022 must be configured to prevent anonymous users from having the same permission...
V-254277	Medium	Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client
V-254276	Medium	Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server
V-254471	Medium	Windows Server 2022 must prevent NTLM from falling back to a Null session
V-254469	High	Windows Server 2022 must restrict anonymous access to Named Pipes and Shares
V-254433	Medium	Windows Server 2022 must restrict remote calls to the Security Account Manager (SAM) to Administr...
V-254470	Medium	Windows Server 2022 services using Local System that use Negotiate when reverting to NTLM authent...
V-254477	Medium	Windows Server 2022 session security for NTLM SSP-based clients must be configured to require NTL...
V-254478	Medium	Windows Server 2022 session security for NTLM SSP-based servers must be configured to require NTL...
V-254462	Medium	Windows Server 2022 unencrypted passwords must not be sent to third-party Server Message Block (S...
V-254275	Medium	Windows Server 2022 must not the Server Message Block (SMB) v1 protocol installed
V-254335	Low	Windows Server 2022 Internet Protocol version 6 (IPv6) source routing must be configured to the h...
V-254272	Medium	Windows Server 2022 must not have Simple TCP/IP Services installed
V-254336	Low	Windows Server 2022 source routing must be configured to the highest protection level to prevent ...
V-254288	Medium	Windows Server 2022 password history must be configured to 24 passwords remembered
V-254258	Medium	Windows Server 2022 passwords must be configured to expire
V-254474	High	Windows Server 2022 must be configured to prevent the storage of the LAN Manager hash of passwords
V-254377	Medium	Windows Server 2022 PowerShell script block logging must be enabled
V-254278	Medium	Windows Server 2022 must not have Windows PowerShell 2.0 installed
V-254367	Medium	Windows Server 2022 Remote Desktop Services must always prompt a client for passwords upon connec...

Security Technical Implementation Guides (STIGs)

Product

Severity

SRG

CCIs

STIG IDs

Rule IDs

Tags

AppLocker

EventSentry

Security

stig