| Vulnerability ID |
Severity |
Description |
|
V-260590
|
Medium
|
Ubuntu 22.04 LTS must have the "auditd" package installed
|
|
V-260591
|
Medium
|
Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when,...
|
|
V-254456
|
Medium
|
Windows Server 2022 machine inactivity limit must be set to 15 minutes or less, locking the syste...
|
|
V-205633
|
Medium
|
Windows Server 2019 machine inactivity limit must be set to 15 minutes or less, locking the syste...
|
|
V-260573
|
Medium
|
Ubuntu 22.04 LTS must implement multifactor authentication for remote access to privileged accoun...
|
|
V-254265
|
Medium
|
Windows Server 2022 must have a host-based firewall installed and enabled
|
|
V-254292
|
Medium
|
Windows Server 2022 must have the built-in Windows password complexity policy enabled
|
|
V-205652
|
Medium
|
Windows Server 2019 must have the built-in Windows password complexity policy enabled
|
|
V-254451
|
Medium
|
Windows Server 2022 setting Domain member: Digitally encrypt secure channel data (when possible) ...
|
|
V-205822
|
Medium
|
Windows Server 2019 setting Domain member: Digitally encrypt secure channel data (when possible) ...
|
|
V-254452
|
Medium
|
Windows Server 2022 setting Domain member: Digitally sign secure channel data (when possible) mus...
|
|
V-205823
|
Medium
|
Windows Server 2019 setting Domain member: Digitally sign secure channel data (when possible) mus...
|
|
V-254367
|
Medium
|
Windows Server 2022 Remote Desktop Services must always prompt a client for passwords upon connec...
|
|
V-205809
|
Medium
|
Windows Server 2019 Remote Desktop Services must always prompt a client for passwords upon connec...
|
|
V-254369
|
Medium
|
Windows Server 2022 Remote Desktop Services must be configured with the client connection encrypt...
|
|
V-205637
|
Medium
|
Windows Server 2019 Remote Desktop Services must be configured with the client connection encrypt...
|
|
V-260558
|
Medium
|
Ubuntu 22.04 LTS must require users to reauthenticate for privilege escalation or when changing r...
|
|
V-260524
|
High
|
Ubuntu 22.04 LTS must use SSH to protect the confidentiality and integrity of transmitted informa...
|
|
V-254488
|
Medium
|
Windows Server 2022 User Account Control (UAC) must run all administrators in Admin Approval Mode...
|
|
V-205813
|
Medium
|
Windows Server 2019 User Account Control must run all administrators in Admin Approval Mode, enab...
|
|
V-254450
|
Medium
|
Windows Server 2022 setting Domain member: Digitally encrypt or sign secure channel data (always)...
|
|
V-205821
|
Medium
|
Windows Server 2019 setting Domain member: Digitally encrypt or sign secure channel data (always)...
|
|
V-254460
|
Medium
|
Windows Server 2022 setting Microsoft network client: Digitally sign communications (always) must...
|
|
V-205825
|
Medium
|
Windows Server 2019 setting Microsoft network client: Digitally sign communications (always) must...
|
|
V-254461
|
Medium
|
Windows Server 2022 setting Microsoft network client: Digitally sign communications (if server ag...
|
|
V-205826
|
Medium
|
Windows Server 2019 setting Microsoft network client: Digitally sign communications (if server ag...
|
|
V-254463
|
Medium
|
Windows Server 2022 setting Microsoft network server: Digitally sign communications (always) must...
|
|
V-205827
|
Medium
|
Windows Server 2019 setting Microsoft network server: Digitally sign communications (always) must...
|
|
V-254464
|
Medium
|
Windows Server 2022 setting Microsoft network server: Digitally sign communications (if client ag...
|
|
V-205828
|
Medium
|
Windows Server 2019 setting Microsoft network server: Digitally sign communications (if client ag...
|
|
V-254297
|
Medium
|
Windows Server 2022 permissions for the Security event log must prevent access by nonprivileged a...
|
|
V-205641
|
Medium
|
Windows Server 2019 permissions for the Security event log must prevent access by non-privileged ...
|
|
V-254298
|
Medium
|
Windows Server 2022 permissions for the System event log must prevent access by nonprivileged acc...
|
|
V-205642
|
Medium
|
Windows Server 2019 permissions for the System event log must prevent access by non-privileged ac...
|
|
V-260556
|
Medium
|
Ubuntu 22.04 LTS must have the "apparmor" package installed
|
|
V-260575
|
Medium
|
Ubuntu 22.04 LTS must implement smart card logins for multifactor authentication for local and ne...
|
|
V-254482
|
Medium
|
Windows Server 2022 User Account Control (UAC) approval mode for the built-in Administrator must ...
|
|
V-205811
|
Medium
|
Windows Server 2019 User Account Control approval mode for the built-in Administrator must be ena...
|
|
V-254485
|
Medium
|
Windows Server 2022 User Account Control (UAC) must automatically deny standard user requests for...
|
|
V-205812
|
Medium
|
Windows Server 2019 User Account Control must automatically deny standard user requests for eleva...
|
|
V-253444
|
Medium
|
The machine inactivity limit must be set to 15 minutes, locking the system with the screensaver
|
|
V-260523
|
High
|
Ubuntu 22.04 LTS must have SSH installed
|
|
V-254391
|
High
|
Windows Server 2022 permissions on the Active Directory data files must only allow System and Adm...
|
|
V-260553
|
Medium
|
Ubuntu 22.04 LTS must allow users to directly initiate a session lock for all connection types
|
|
V-260484
|
Medium
|
Ubuntu 22.04 LTS must implement cryptographic mechanisms to prevent unauthorized disclosure and m...
|
|
V-205630
|
Medium
|
Windows Server 2019 must have the period of time before the bad logon counter is reset configured...
|
|
V-254299
|
Medium
|
Windows Server 2022 Event Viewer must be protected from unauthorized modification and deletion
|
|
V-205731
|
Medium
|
Windows Server 2019 Event Viewer must be protected from unauthorized modification and deletion
|
|
V-254416
|
Medium
|
Windows Server 2022 domain controllers must require LDAP access signing
|
|
V-205820
|
Medium
|
Windows Server 2019 domain controllers must require LDAP access signing
|
|
V-260543
|
Medium
|
Ubuntu 22.04 LTS must uniquely identify interactive users
|
|
V-260557
|
Medium
|
Ubuntu 22.04 LTS must be configured to use AppArmor
|
|
V-260650
|
High
|
Ubuntu 22.04 LTS must implement NIST FIPS-validated cryptography to protect classified informatio...
|
|
V-260584
|
Medium
|
Ubuntu 22.04 LTS must notify designated personnel if baseline configurations are changed in an un...
|
|
V-260597
|
Medium
|
Ubuntu 22.04 LTS must be configured so that audit log files are not read- or write-accessible by ...
|
|
V-260492
|
Medium
|
Ubuntu 22.04 LTS must configure audit tools with a mode of "755" or less permissive
|
|
V-260507
|
Medium
|
Ubuntu 22.04 LTS must configure audit tools to be owned by "root"
|
|
V-260548
|
Medium
|
Ubuntu 22.04 LTS must automatically expire temporary accounts within 72 hours
|
|
V-260549
|
Low
|
Ubuntu 22.04 LTS must automatically lock an account until the locked account is released by an ad...
|
|
V-253445
|
Medium
|
The required legal notice must be configured to display before console logon
|
|
V-260592
|
Low
|
Ubuntu 22.04 LTS audit event multiplexor must be configured to offload audit logs onto a differen...
|
|
V-254457
|
Medium
|
Windows Server 2022 required legal notice must be configured to display before console logon
|
|
V-205631
|
Medium
|
Windows Server 2019 required legal notice must be configured to display before console logon
|
|
V-254372
|
Medium
|
Windows Server 2022 must prevent Indexing of encrypted files
|
|
V-253409
|
Medium
|
Indexing of encrypted files must be turned off
|
|
V-220855
|
Medium
|
Indexing of encrypted files must be turned off
|
|
V-253407
|
Medium
|
Attachments must be prevented from being downloaded from RSS feeds
|
|
V-220853
|
Medium
|
Attachments must be prevented from being downloaded from RSS feeds
|
|
V-253360
|
Medium
|
Insecure logons to an SMB server must be disabled
|
|
V-205694
|
Medium
|
Windows Server 2019 must prevent Indexing of encrypted files
|
|
V-254417
|
Medium
|
Windows Server 2022 domain controllers must be configured to allow reset of machine account passw...
|
|
V-253281
|
Medium
|
A host-based firewall must be installed and enabled on the system
|
|
V-220724
|
Medium
|
A host-based firewall must be installed and enabled on the system
|
|
V-214936
|
Medium
|
Windows Server 2019 must have a host-based firewall installed and enabled
|
|
V-253378
|
Medium
|
The network selection user interface (UI) must not be displayed on the logon screen
|
|
V-220819
|
Medium
|
The network selection user interface (UI) must not be displayed on the logon screen
|
|
V-254370
|
Medium
|
Windows Server 2022 must prevent attachments from being downloaded from RSS feeds
|
|
V-205873
|
Medium
|
Windows Server 2019 must prevent attachments from being downloaded from RSS feeds
|
|
V-254339
|
Medium
|
Windows Server 2022 insecure logons to an SMB server must be disabled
|
|
V-205861
|
Medium
|
Windows Server 2019 insecure logons to an SMB server must be disabled
|
|
V-254471
|
Medium
|
Windows Server 2022 must prevent NTLM from falling back to a Null session
|
|
V-205917
|
Medium
|
Windows Server 2019 must prevent NTLM from falling back to a Null session
|
|
V-253458
|
Medium
|
NTLM must be prevented from falling back to a Null session
|
|
V-220934
|
Medium
|
NTLM must be prevented from falling back to a Null session
|
|
V-253277
|
Medium
|
Simple TCP/IP Services must not be installed on the system
|
|
V-220720
|
Medium
|
Simple TCP/IP Services must not be installed on the system
|
|
V-253273
|
Medium
|
Accounts must be configured to require password expiration
|
|
V-220716
|
Medium
|
Accounts must be configured to require password expiration
|
|
V-254247
|
Medium
|
Windows Server 2022 must be maintained at a supported servicing level
|
|
V-205849
|
High
|
Windows Server 2019 must be maintained at a supported servicing level
|
|
V-253265
|
High
|
Local volumes must be formatted using NTFS
|
|
V-220708
|
High
|
Local volumes must be formatted using NTFS
|
|
V-253387
|
High
|
The default autorun behavior must be configured to prevent autorun commands
|
|
V-220828
|
Medium
|
The default autorun behavior must be configured to prevent autorun commands
|
|
V-254348
|
Medium
|
Windows Server 2022 network selection user interface (UI) must not be displayed on the logon screen
|
|
V-205690
|
Medium
|
Windows Server 2019 network selection user interface (UI) must not be displayed on the logon screen
|
|
V-253453
|
High
|
Anonymous enumeration of SAM accounts must not be allowed
|
|
V-220929
|
High
|
Anonymous enumeration of SAM accounts must not be allowed
|
|
V-253454
|
High
|
Anonymous enumeration of shares must be restricted
|
|
V-220930
|
High
|
Anonymous enumeration of shares must be restricted
|
|
V-220802
|
Medium
|
Insecure logons to an SMB server must be disabled
|
|
V-253391
|
Medium
|
Windows 11 administrator accounts must not be enumerated during elevation
|
|
V-220832
|
Medium
|
Windows 10 administrator accounts must not be enumerated during elevation
|
|
V-253435
|
Medium
|
The built-in administrator account must be renamed
|
|
V-220911
|
Medium
|
The built-in administrator account must be renamed
|
|
V-253474
|
Medium
|
User Account Control must run all administrators in Admin Approval Mode, enabling UAC
|
|
V-220950
|
Medium
|
User Account Control must run all administrators in Admin Approval Mode, enabling UAC
|
|
V-253380
|
Medium
|
Users must be prompted for a password on resume from sleep (on battery)
|
|
V-220821
|
Medium
|
Users must be prompted for a password on resume from sleep (on battery)
|
|
V-253381
|
Medium
|
The user must be prompted for a password on resume from sleep (plugged in)
|
|
V-220822
|
Medium
|
The user must be prompted for a password on resume from sleep (plugged in)
|
|
V-254353
|
High
|
Windows Server 2022 default AutoRun behavior must be configured to prevent AutoRun commands
|
|
V-205805
|
High
|
Windows Server 2019 default AutoRun behavior must be configured to prevent AutoRun commands
|
|
V-253463
|
Medium
|
The system must be configured to the required LDAP client signing level
|
|
V-220939
|
Medium
|
The system must be configured to the required LDAP client signing level
|
|
V-253382
|
High
|
Solicited Remote Assistance must not be allowed
|
|
V-220823
|
High
|
Solicited Remote Assistance must not be allowed
|
|
V-254333
|
Medium
|
Windows Server 2022 must prevent the display of slide shows on the lock screen
|
|
V-205686
|
Medium
|
Windows Server 2019 must prevent the display of slide shows on the lock screen
|
|
V-254466
|
High
|
Windows Server 2022 must not allow anonymous enumeration of Security Account Manager (SAM) accounts
|
|
V-205914
|
High
|
Windows Server 2019 must not allow anonymous enumeration of Security Account Manager (SAM) accounts
|
|
V-254467
|
High
|
Windows Server 2022 must not allow anonymous enumeration of shares
|
|
V-205724
|
High
|
Windows Server 2019 must not allow anonymous enumeration of shares
|
|
V-253406
|
Medium
|
Remote Desktop Services must be configured with the client connection encryption set to the requi...
|
|
V-260570
|
High
|
Ubuntu 22.04 LTS must not allow accounts configured with blank or null passwords
|
|
V-260520
|
Low
|
Ubuntu 22.04 LTS must synchronize internal information system clocks to the authoritative time so...
|
|
V-254355
|
Medium
|
Windows Server 2022 administrator accounts must not be enumerated during elevation
|
|
V-205714
|
Medium
|
Windows Server 2019 administrator accounts must not be enumerated during elevation
|
|
V-253303
|
Medium
|
Passwords must, at a minimum, be 14 characters
|
|
V-220745
|
Medium
|
Passwords must, at a minimum, be 14 characters
|
|
V-253302
|
Medium
|
The minimum password age must be configured to at least 1 day
|
|
V-220744
|
Medium
|
The minimum password age must be configured to at least 1 day
|
|
V-253432
|
Medium
|
The built-in administrator account must be disabled.
|
|
V-220908
|
Medium
|
The built-in administrator account must be disabled
|
|
V-253305
|
High
|
Reversible password encryption must be disabled
|
|
V-220747
|
High
|
Reversible password encryption must be disabled
|
|
V-253468
|
Medium
|
User Account Control approval mode for the built-in Administrator must be enabled
|
|
V-220944
|
Medium
|
User Account Control approval mode for the built-in Administrator must be enabled
|
|
V-253472
|
Medium
|
User Account Control must be configured to detect application installations and prompt for elevation
|
|
V-220948
|
Medium
|
User Account Control must be configured to detect application installations and prompt for elevation
|
|
V-254430
|
Medium
|
Windows Server 2022 local users on domain-joined member servers must not be enumerated
|
|
V-254476
|
Medium
|
Windows Server 2022 must be configured to at least negotiate signing for LDAP client signing
|
|
V-205920
|
Medium
|
Windows Server 2019 must be configured to at least negotiate signing for LDAP client signing
|
|
V-253460
|
Medium
|
Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites
|
|
V-220936
|
Medium
|
Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites
|
|
V-254468
|
Medium
|
Windows Server 2022 must be configured to prevent anonymous users from having the same permission...
|
|
V-205915
|
Medium
|
Windows Server 2019 must be configured to prevent anonymous users from having the same permission...
|
|
V-253455
|
Medium
|
The system must be configured to prevent anonymous users from having the same rights as the Every...
|
|
V-254470
|
Medium
|
Windows Server 2022 services using Local System that use Negotiate when reverting to NTLM authent...
|
|
V-205916
|
Medium
|
Windows Server 2019 services using Local System that use Negotiate when reverting to NTLM authent...
|
|
V-253404
|
Medium
|
Remote Desktop Services must always prompt a client for passwords upon connection
|
|
V-220850
|
Medium
|
Remote Desktop Services must always prompt a client for passwords upon connection
|
|
V-220852
|
Medium
|
Remote Desktop Services must be configured with the client connection encryption set to the requi...
|
|
V-260564
|
Medium
|
Ubuntu 22.04 LTS must prevent the use of dictionary words for passwords
|
|
V-260571
|
High
|
Ubuntu 22.04 LTS must not have accounts configured with blank or null passwords
|
|
V-253385
|
Low
|
The Application Compatibility Program Inventory must be prevented from collecting data and sendin...
|
|
V-220826
|
Low
|
The Application Compatibility Program Inventory must be prevented from collecting data and sendin...
|
|
V-253433
|
Medium
|
The built-in guest account must be disabled
|
|
V-220909
|
Medium
|
The built-in guest account must be disabled
|
|
V-254250
|
High
|
Windows Server 2022 local volumes must use a format that supports NTFS attributes
|
|
V-205663
|
High
|
Windows Server 2019 local volumes must use a format that supports NTFS attributes
|
|
V-254342
|
Medium
|
Windows Server 2022 must be configured to enable Remote host allows delegation of nonexportable c...
|
|
V-253368
|
Medium
|
Windows 11 must be configured to enable Remote host allows delegation of non-exportable credentials
|
|
V-254453
|
Medium
|
Windows Server 2022 computer account password must not be prevented from being reset
|
|
V-205815
|
Medium
|
Windows Server 2019 computer account password must not be prevented from being reset
|
|
V-253441
|
Low
|
The computer account password must not be prevented from being reset
|
|
V-220917
|
Low
|
The computer account password must not be prevented from being reset
|
|
V-253475
|
Medium
|
User Account Control must virtualize file and registry write failures to per-user locations
|
|
V-220951
|
Medium
|
User Account Control must virtualize file and registry write failures to per-user locations
|
|
V-253469
|
Medium
|
User Account Control must prompt administrators for consent on the secure desktop
|
|
V-254349
|
Medium
|
Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (on b...
|
|
V-205867
|
Medium
|
Windows Server 2019 users must be prompted to authenticate when the system wakes from sleep (on b...
|
|
V-254350
|
Medium
|
Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (plug...
|
|
V-205868
|
Medium
|
Windows Server 2019 users must be prompted to authenticate when the system wakes from sleep (plug...
|
|
V-254352
|
High
|
Windows Server 2022 Autoplay must be turned off for nonvolume devices
|
|
V-205804
|
High
|
Windows Server 2019 Autoplay must be turned off for non-volume devices
|
|
V-253386
|
High
|
Autoplay must be turned off for non-volume devices
|
|
V-220827
|
High
|
Autoplay must be turned off for non-volume devices
|
|
V-205876
|
Medium
|
Windows Server 2019 domain controllers must be configured to allow reset of machine account passw...
|
|
V-205696
|
Medium
|
Windows Server 2019 local users on domain-joined member servers must not be enumerated
|
|
V-253379
|
Medium
|
Local users on domain-joined computers must not be enumerated
|
|
V-220820
|
Medium
|
Local users on domain-joined computers must not be enumerated
|
|
V-254346
|
Medium
|
Windows Server 2022 downloading print driver packages over HTTP must be turned off
|
|
V-205688
|
Medium
|
Windows Server 2019 downloading print driver packages over HTTP must be turned off
|
|
V-253374
|
Medium
|
Downloading print driver packages over HTTP must be prevented
|
|
V-220815
|
Medium
|
Downloading print driver packages over HTTP must be prevented
|
|
V-253376
|
Medium
|
Printing over HTTP must be prevented
|
|
V-220817
|
Medium
|
Printing over HTTP must be prevented
|
|
V-253408
|
Medium
|
Basic authentication for RSS feeds over HTTP must not be used
|
|
V-220844
|
Medium
|
The Windows Defender SmartScreen filter for Microsoft Edge must be enabled
|
|
V-220937
|
High
|
The system must be configured to prevent the storage of the LAN Manager hash of passwords
|
|
V-254469
|
High
|
Windows Server 2022 must restrict anonymous access to Named Pipes and Shares
|
|
V-205725
|
High
|
Windows Server 2019 must restrict anonymous access to Named Pipes and Shares
|
|
V-253456
|
High
|
Anonymous access to Named Pipes and Shares must be restricted
|
|
V-220932
|
High
|
Anonymous access to Named Pipes and Shares must be restricted
|
|
V-254477
|
Medium
|
Windows Server 2022 session security for NTLM SSP-based clients must be configured to require NTL...
|
|
V-205921
|
Medium
|
Windows Server 2019 session security for NTLM SSP-based clients must be configured to require NTL...
|
|
V-254478
|
Medium
|
Windows Server 2022 session security for NTLM SSP-based servers must be configured to require NTL...
|
|
V-205922
|
Medium
|
Windows Server 2019 session security for NTLM SSP-based servers must be configured to require NTL...
|
|
V-253450
|
Medium
|
Unencrypted passwords must not be sent to third-party SMB Servers
|
|
V-220926
|
Medium
|
Unencrypted passwords must not be sent to third-party SMB Servers
|
|
V-253353
|
Medium
|
IPv6 source routing must be configured to highest protection
|
|
V-220795
|
Medium
|
IPv6 source routing must be configured to highest protection
|
|
V-254272
|
Medium
|
Windows Server 2022 must not have Simple TCP/IP Services installed
|
|
V-205680
|
Medium
|
Windows Server 2019 must not have Simple TCP/IP Services installed
|
|
V-254474
|
High
|
Windows Server 2022 must be configured to prevent the storage of the LAN Manager hash of passwords
|
|
V-205654
|
High
|
Windows Server 2019 must be configured to prevent the storage of the LAN Manager hash of passwords
|
|
V-253461
|
High
|
The system must be configured to prevent the storage of the LAN Manager hash of passwords
|
|
V-260478
|
Medium
|
Ubuntu 22.04 LTS must have the "libpam-pwquality" package installed
|
|
V-260481
|
Low
|
Ubuntu 22.04 LTS must not have the "ntp" package installed
|
|
V-260516
|
Medium
|
Ubuntu 22.04 LTS must have an application firewall enabled
|
|
V-260521
|
Low
|
Ubuntu 22.04 LTS must record time stamps for audit records that can be mapped to Coordinated Univ...
|
|
V-260572
|
Medium
|
Ubuntu 22.04 LTS must encrypt all stored passwords with a FIPS 140-3-approved cryptographic hashi...
|
|
V-253301
|
Medium
|
The maximum password age must be configured to 60 days or less
|
|
V-220743
|
Medium
|
The maximum password age must be configured to 60 days or less.
|
|
V-254447
|
Medium
|
Windows Server 2022 built-in administrator account must be renamed
|
|
V-205909
|
Medium
|
Windows Server 2019 built-in administrator account must be renamed
|
|
V-254291
|
Medium
|
Windows Server 2022 minimum password length must be configured to 14 characters
|
|
V-205662
|
Medium
|
Windows Server 2019 minimum password length must be configured to 14 characters
|
|
V-254351
|
Low
|
Windows Server 2022 Application Compatibility Program Inventory must be prevented from collecting...
|
|
V-205691
|
Low
|
Windows Server 2019 Application Compatibility Program Inventory must be prevented from collecting...
|
|
V-220912
|
Medium
|
The built-in guest account must be renamed
|
|
V-253436
|
Medium
|
The built-in guest account must be renamed
|
|
V-205908
|
High
|
Windows Server 2019 must prevent local accounts with blank passwords from being used from the net...
|
|
V-254446
|
High
|
Windows Server 2022 must prevent local accounts with blank passwords from being used from the net...
|
|
V-220910
|
Medium
|
Local accounts with blank passwords must be restricted to prevent access from the network
|
|
V-253434
|
Medium
|
Local accounts with blank passwords must be restricted to prevent access from the network
|
|
V-253483
|
Medium
|
The "Back up files and directories" user right must only be assigned to the Administrators group
|
|
V-220960
|
Medium
|
The Back up files and directories user right must only be assigned to the Administrators group
|
|
V-205863
|
Medium
|
Windows Server 2019 must be configured to enable Remote host allows delegation of non-exportable ...
|
|
V-220810
|
Medium
|
Windows 10 must be configured to enable Remote host allows delegation of non-exportable credentials
|
|
V-254376
|
Medium
|
Windows Server 2022 must disable automatically signing in the last interactive user after a syste...
|
|
V-205925
|
Medium
|
Windows Server 2019 must disable automatically signing in the last interactive user after a syste...
|
|
V-253413
|
Medium
|
Automatically signing in the last interactive user after a system-initiated restart must be disabled
|
|
V-220859
|
Medium
|
Automatically signing in the last interactive user after a system-initiated restart must be disabled
|
|
V-254293
|
High
|
Windows Server 2022 reversible password encryption must be disabled
|
|
V-205653
|
High
|
Windows Server 2019 reversible password encryption must be disabled
|
|
V-254483
|
Medium
|
Windows Server 2022 UIAccess applications must not be allowed to prompt for elevation without usi...
|
|
V-253471
|
Medium
|
User Account Control must automatically deny elevation requests for standard users
|
|
V-220947
|
Medium
|
User Account Control must automatically deny elevation requests for standard users
|
|
V-254486
|
Medium
|
Windows Server 2022 User Account Control (UAC) must be configured to detect application installat...
|
|
V-205718
|
Medium
|
Windows Server 2019 User Account Control must be configured to detect application installations a...
|
|
V-220945
|
Medium
|
User Account Control must, at minimum, prompt administrators for consent on the secure desktop
|
|
V-253473
|
Medium
|
User Account Control must only elevate UIAccess applications that are installed in secure locations
|
|
V-220949
|
Medium
|
User Account Control must only elevate UIAccess applications that are installed in secure locations
|
|
V-254358
|
Medium
|
Windows Server 2022 Application event log size must be configured to 32768 KB or greater
|
|
V-205796
|
Medium
|
Windows Server 2019 Application event log size must be configured to 32768 KB or greater
|
|
V-254359
|
Medium
|
Windows Server 2022 Security event log size must be configured to 196608 KB or greater
|
|
V-205797
|
Medium
|
Windows Server 2019 Security event log size must be configured to 196608 KB or greater
|
|
V-254360
|
Medium
|
Windows Server 2022 System event log size must be configured to 32768 KB or greater
|
|
V-205798
|
Medium
|
Windows Server 2019 System event log size must be configured to 32768 KB or greater
|
|
V-254354
|
High
|
Windows Server 2022 AutoPlay must be disabled for all drives
|
|
V-205806
|
High
|
Windows Server 2019 AutoPlay must be disabled for all drives
|
|
V-254334
|
Medium
|
Windows Server 2022 must have WDigest Authentication disabled
|
|
V-205687
|
Medium
|
Windows Server 2019 must have WDigest Authentication disabled
|
|
V-253490
|
High
|
The "Debug programs" user right must only be assigned to the Administrators group
|
|
V-220967
|
High
|
The Debug programs user right must only be assigned to the Administrators group
|
|
V-253373
|
Medium
|
Group Policy objects must be reprocessed even if they have not changed
|
|
V-220814
|
Medium
|
Group Policy objects must be reprocessed even if they have not changed
|
|
V-253284
|
High
|
Structured Exception Handling Overwrite Protection (SEHOP) must be enabled
|
|
V-253398
|
Medium
|
File Explorer shell protocol must run in protected mode
|
|
V-220920
|
Medium
|
The machine inactivity limit must be set to 15 minutes, locking the system with the screensaver
|
|
V-254347
|
Medium
|
Windows Server 2022 printing over HTTP must be turned off
|
|
V-205689
|
Medium
|
Windows Server 2019 printing over HTTP must be turned off
|
|
V-254361
|
Medium
|
Windows Server 2022 Microsoft Defender antivirus SmartScreen must be enabled
|
|
V-205692
|
Medium
|
Windows Server 2019 Windows Defender SmartScreen must be enabled
|
|
V-253462
|
High
|
The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM
|
|
V-220938
|
High
|
The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM
|
|
V-254462
|
Medium
|
Windows Server 2022 unencrypted passwords must not be sent to third-party Server Message Block (S...
|
|
V-205655
|
Medium
|
Windows Server 2019 unencrypted passwords must not be sent to third-party Server Message Block (S...
|
|
V-254335
|
Low
|
Windows Server 2022 Internet Protocol version 6 (IPv6) source routing must be configured to the h...
|
|
V-205858
|
Low
|
Windows Server 2019 Internet Protocol version 6 (IPv6) source routing must be configured to the h...
|
|
V-254336
|
Low
|
Windows Server 2022 source routing must be configured to the highest protection level to prevent ...
|
|
V-205859
|
Low
|
Windows Server 2019 source routing must be configured to the highest protection level to prevent ...
|
|
V-253300
|
Medium
|
The password history must be configured to 24 passwords remembered
|
|
V-220742
|
Medium
|
The password history must be configured to 24 passwords remembered
|
|
V-254278
|
Medium
|
Windows Server 2022 must not have Windows PowerShell 2.0 installed
|
|
V-205685
|
Medium
|
Windows Server 2019 must not have Windows PowerShell 2.0 installed
|
|
V-260479
|
Low
|
Ubuntu 22.04 LTS must have the "chrony" package installed
|
|
V-260480
|
Low
|
Ubuntu 22.04 LTS must not have the "systemd-timesyncd" package installed
|
|
V-260546
|
Medium
|
Ubuntu 22.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new u...
|
|
V-260550
|
Low
|
Ubuntu 22.04 LTS must enforce a delay of at least four seconds between logon prompts following a ...
|
|
V-260574
|
Medium
|
Ubuntu 22.04 LTS must accept personal identity verification (PIV) credentials
|
|
V-260587
|
Low
|
Ubuntu 22.04 LTS must have a crontab script running weekly to offload audit events of standalone ...
|
|
V-254290
|
Medium
|
Windows Server 2022 minimum password age must be configured to at least one day
|
|
V-205656
|
Medium
|
Windows Server 2019 minimum password age must be configured to at least one day.
|
|
V-220973
|
Medium
|
The Enable computer and user accounts to be trusted for delegation user right must not be assigne...
|
|
V-253496
|
Medium
|
The "Enable computer and user accounts to be trusted for delegation" user right must not be assig...
|
|
V-254445
|
Medium
|
Windows Server 2022 must have the built-in guest account disabled
|
|
V-205709
|
Medium
|
Windows Server 2019 must have the built-in guest account disabled
|
|
V-253297
|
Medium
|
Windows 11 account lockout duration must be configured to 15 minutes or greater
|
|
V-220739
|
Medium
|
Windows 10 account lockout duration must be configured to 15 minutes or greater
|
|
V-260469
|
High
|
Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence
|
|
V-253304
|
Medium
|
The built-in Microsoft password complexity filter must be enabled
|
|
V-220746
|
Medium
|
The built-in Microsoft password complexity filter must be enabled
|
|
V-253299
|
Medium
|
The period of time before the bad logon counter is reset must be configured to 15 minutes
|
|
V-220741
|
Medium
|
The period of time before the bad logon counter is reset must be configured to 15 minutes
|
|
V-205716
|
Medium
|
Windows Server 2019 UIAccess applications must not be allowed to prompt for elevation without usi...
|
|
V-254489
|
Medium
|
Windows Server 2022 User Account Control (UAC) must virtualize file and registry write failures t...
|
|
V-205720
|
Medium
|
Windows Server 2019 User Account Control (UAC) must virtualize file and registry write failures t...
|
|
V-254487
|
Medium
|
Windows Server 2022 User Account Control (UAC) must only elevate UIAccess applications that are i...
|
|
V-205719
|
Medium
|
Windows Server 2019 User Account Control (UAC) must only elevate UIAccess applications that are i...
|
|
V-253338
|
Medium
|
The Security event log size must be configured to 1024000 KB or greater
|
|
V-220780
|
Medium
|
The Security event log size must be configured to 1024000 KB or greater
|
|
V-254449
|
Medium
|
Windows Server 2022 must force audit policy subcategory settings to override audit policy categor...
|
|
V-205644
|
Medium
|
Windows Server 2019 must force audit policy subcategory settings to override audit policy categor...
|
|
V-253437
|
Medium
|
Audit policy using subcategories must be enabled
|
|
V-220913
|
Medium
|
Audit policy using subcategories must be enabled
|
|
V-253358
|
Medium
|
WDigest Authentication must be disabled
|
|
V-220800
|
Medium
|
WDigest Authentication must be disabled
|
|
V-254454
|
Medium
|
Windows Server 2022 maximum age for machine account passwords must be configured to 30 days or less
|
|
V-205911
|
Medium
|
Windows Server 2019 maximum age for machine account passwords must be configured to 30 days or less
|
|
V-253442
|
Low
|
The maximum age for machine account passwords must be configured to 30 days or less
|
|
V-220918
|
Low
|
The maximum age for machine account passwords must be configured to 30 days or less
|
|
V-220727
|
High
|
Structured Exception Handling Overwrite Protection (SEHOP) must be enabled
|
|
V-253264
|
High
|
The Windows 11 system must use an antivirus program
|
|
V-253275
|
High
|
Internet Information System (IIS) or its subcomponents must not be installed on a workstation
|
|
V-220718
|
High
|
Internet Information System (IIS) or its subcomponents must not be installed on a workstation
|
|
V-253395
|
Medium
|
The Microsoft Defender SmartScreen for Explorer must be enabled
|
|
V-220854
|
Medium
|
Basic authentication for RSS feeds over HTTP must not be used
|
|
V-220840
|
Medium
|
Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for malicious we...
|
|
V-254475
|
High
|
Windows Server 2022 LAN Manager authentication level must be configured to send NTLMv2 response o...
|
|
V-205919
|
High
|
Windows Server 2019 LAN Manager authentication level must be configured to send NTLMv2 response o...
|
|
V-254377
|
Medium
|
Windows Server 2022 PowerShell script block logging must be enabled
|
|
V-205639
|
Medium
|
Windows Server 2019 PowerShell script block logging must be enabled
|
|
V-253414
|
Medium
|
PowerShell script block logging must be enabled on Windows 11
|
|
V-220860
|
Medium
|
PowerShell script block logging must be enabled on Windows 10
|
|
V-205869
|
Medium
|
Windows Server 2019 Telemetry must be configured to Security or Basic
|
|
V-260469
|
High
|
Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence
|
|
V-260483
|
High
|
Ubuntu 22.04 LTS must not have the "telnet" package installed
|
|
V-260505
|
Medium
|
Ubuntu 22.04 LTS must be configured so that the "journalctl" command is owned by "root"
|
|
V-260545
|
Medium
|
Ubuntu 22.04 LTS must enforce 24 hours/one day as the minimum password lifetime. Passwords for ne...
|
|
V-260555
|
Medium
|
Ubuntu 22.04 LTS default filesystem permissions must be defined in such a way that all authentica...
|
|
V-260569
|
Medium
|
Ubuntu 22.04 LTS must store only encrypted representations of passwords
|
|
V-260576
|
Medium
|
Ubuntu 22.04 LTS must electronically verify personal identity verification (PIV) credentials
|
|
V-260579
|
High
|
Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based a...
|
|
V-253263
|
High
|
Windows 11 systems must be maintained at a supported servicing level
|
|
V-254289
|
Medium
|
Windows Server 2022 maximum password age must be configured to 60 days or less
|
|
V-205659
|
Medium
|
Windows Server 2019 maximum password age must be configured to 60 days or less
|
|
V-254448
|
Medium
|
Windows Server 2022 built-in guest account must be renamed
|
|
V-205910
|
Medium
|
Windows Server 2019 built-in guest account must be renamed
|
|
V-253357
|
Medium
|
Local administrator accounts must have their privileged token filtered to prevent elevated privil...
|
|
V-220799
|
Medium
|
Local administrator accounts must have their privileged token filtered to prevent elevated privil...
|
|
V-253298
|
Medium
|
The number of allowed bad logon attempts must be configured to three or less
|
|
V-220740
|
Medium
|
The number of allowed bad logon attempts must be configured to 3 or less
|
|
V-254341
|
Medium
|
Windows Server 2022 command line data must be included in process creation events
|
|
V-205638
|
Medium
|
Windows Server 2019 command line data must be included in process creation events
|
|
V-220809
|
Medium
|
Command line data must be included in process creation events
|
|
V-253367
|
Medium
|
Command line data must be included in process creation events
|
|
V-253337
|
Medium
|
The Application event log size must be configured to 32768 KB or greater
|
|
V-220779
|
Medium
|
The Application event log size must be configured to 32768 KB or greater
|
|
V-253339
|
Medium
|
The System event log size must be configured to 32768 KB or greater
|
|
V-220781
|
Medium
|
The System event log size must be configured to 32768 KB or greater
|
|
V-254345
|
Medium
|
Windows Server 2022 group policy objects must be reprocessed even if they have not changed
|
|
V-205866
|
Medium
|
Windows Server 2019 group policy objects must be reprocessed even if they have not changed
|
|
V-254340
|
Medium
|
Windows Server 2022 hardened Universal Naming Convention (UNC) paths must be defined to require m...
|
|
V-205862
|
Medium
|
Windows Server 2019 hardened Universal Naming Convention (UNC) paths must be defined to require m...
|
|
V-253362
|
Medium
|
Hardened UNC Paths must be defined to require mutual authentication and integrity for at least th...
|
|
V-250319
|
Medium
|
Hardened UNC paths must be defined to require mutual authentication and integrity for at least th...
|
|
V-220839
|
Medium
|
File Explorer shell protocol must run in protected mode
|
|
V-254371
|
Medium
|
Windows Server 2022 must disable Basic authentication for RSS feeds over HTTP
|
|
V-205693
|
Medium
|
Windows Server 2019 must disable Basic authentication for RSS feeds over HTTP
|
|
V-220841
|
Medium
|
Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for unverified f...
|
|
V-254277
|
Medium
|
Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client
|
|
V-205684
|
Medium
|
Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client
|
|
V-254276
|
Medium
|
Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server
|
|
V-205683
|
Medium
|
Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server
|
|
V-254288
|
Medium
|
Windows Server 2022 password history must be configured to 24 passwords remembered
|
|
V-205660
|
Medium
|
Windows Server 2019 password history must be configured to 24 passwords remembered
|
|
V-205658
|
Medium
|
Windows Server 2019 passwords must be configured to expire
|
|
V-260471
|
Medium
|
Ubuntu 22.04 LTS must initiate session audits at system startup
|
|
V-260473
|
Medium
|
Ubuntu 22.04 LTS must disable kernel core dumps so that it can fail to a secure state if system i...
|
|
V-260477
|
Medium
|
Ubuntu 22.04 LTS must be configured so that the Advance Package Tool (APT) removes all software c...
|
|
V-260482
|
High
|
Ubuntu 22.04 LTS must not have the "rsh-server" package installed
|
|
V-260506
|
Medium
|
Ubuntu 22.04 LTS must be configured so that the "journalctl" command is group-owned by "root"
|
|
V-260508
|
Medium
|
Ubuntu 22.04 LTS must configure the "/var/log" directory to be owned by "root"
|
|
V-260509
|
Medium
|
Ubuntu 22.04 LTS must configure the "/var/log" directory to be group-owned by "syslog"
|
|
V-260510
|
Medium
|
Ubuntu 22.04 LTS must configure "/var/log/syslog" file to be owned by "syslog"
|
|
V-260560
|
Medium
|
Ubuntu 22.04 LTS must enforce password complexity by requiring at least one uppercase character b...
|
|
V-260561
|
Medium
|
Ubuntu 22.04 LTS must enforce password complexity by requiring at least one lowercase character b...
|
|
V-260562
|
Medium
|
Ubuntu 22.04 LTS must enforce password complexity by requiring that at least one numeric characte...
|
|
V-260565
|
Medium
|
Ubuntu 22.04 LTS must enforce a minimum 15-character password length
|
|
V-260581
|
Low
|
Ubuntu 22.04 LTS must be configured such that Pluggable Authentication Module (PAM) prohibits the...
|
|
V-254424
|
Medium
|
Windows Server 2022 Deny log on locally user right on domain controllers must be configured to pr...
|
|
V-205670
|
Medium
|
Windows Server 2019 Deny log on locally user right on domain controllers must be configured to pr...
|
|
V-254285
|
Medium
|
Windows Server 2022 account lockout duration must be configured to 15 minutes or greater
|
|
V-254287
|
Medium
|
Windows Server 2022 must have the period of time before the bad logon counter is reset configured...
|
|
V-254257
|
Medium
|
Windows Server 2022 accounts must require passwords
|
|
V-205700
|
Medium
|
Windows Server 2019 accounts must require passwords
|
|
V-254484
|
Medium
|
Windows Server 2022 User Account Control (UAC) must, at a minimum, prompt administrators for cons...
|
|
V-205717
|
Medium
|
Windows Server 2019 User Account Control must, at a minimum, prompt administrators for consent on...
|
|
V-253388
|
High
|
Autoplay must be disabled for all drives
|
|
V-220829
|
High
|
Autoplay must be disabled for all drives
|
|
V-254432
|
Medium
|
Windows Server 2022 must limit the caching of logon credentials to four or less on domain-joined ...
|
|
V-205906
|
Medium
|
Windows Server 2019 must limit the caching of logon credentials to four or less on domain-joined ...
|
|
V-254364
|
Medium
|
Windows Server 2022 File Explorer shell protocol must run in protected mode
|
|
V-205872
|
Medium
|
Windows Server 2019 File Explorer shell protocol must run in protected mode
|
|
V-254248
|
Medium
|
Windows Server 2022 must use an antivirus program
|
|
V-205850
|
High
|
Windows Server 2019 must use an anti-virus program
|
|
V-220707
|
High
|
The Windows 10 system must use an anti-virus program
|
|
V-254473
|
Medium
|
Windows Server 2022 Kerberos encryption types must be configured to prevent the use of DES and RC...
|
|
V-205708
|
Medium
|
Windows Server 2019 Kerberos encryption types must be configured to prevent the use of DES and RC...
|
|
V-254433
|
Medium
|
Windows Server 2022 must restrict remote calls to the Security Account Manager (SAM) to Administr...
|
|
V-205747
|
Medium
|
Windows Server 2019 must restrict remote calls to the Security Account Manager (SAM) to Administr...
|
|
V-253457
|
Medium
|
Remote calls to the Security Account Manager (SAM) must be restricted to Administrators
|
|
V-254258
|
Medium
|
Windows Server 2022 passwords must be configured to expire
|
|
V-253285
|
Medium
|
The Windows PowerShell 2.0 feature must be disabled on the system
|
|
V-220728
|
Medium
|
The Windows PowerShell 2.0 feature must be disabled on the system
|
|
V-253393
|
Medium
|
Windows Telemetry must not be configured to Full
|
|
V-260475
|
Medium
|
Ubuntu 22.04 LTS must implement nonexecutable data to protect its memory from unauthorized code e...
|
|
V-260487
|
Medium
|
Ubuntu 22.04 LTS library files must have mode "755" or less permissive
|
|
V-260488
|
Medium
|
Ubuntu 22.04 LTS must configure the "/var/log" directory to have mode "755" or less permissive
|
|
V-260491
|
Medium
|
Ubuntu 22.04 LTS must configure "/var/log/syslog" file with mode "640" or less permissive
|
|
V-260497
|
Medium
|
Ubuntu 22.04 LTS library directories must be owned by "root"
|
|
V-260498
|
Medium
|
Ubuntu 22.04 LTS library directories must be group-owned by "root"
|
|
V-260499
|
Medium
|
Ubuntu 22.04 LTS library files must be owned by "root"
|
|
V-260511
|
Medium
|
Ubuntu 22.04 LTS must configure the "/var/log/syslog" file to be group-owned by "adm"
|
|
V-260512
|
Medium
|
Ubuntu 22.04 LTS must be configured so that the "journalctl" command is not accessible by unautho...
|
|
V-260515
|
Medium
|
Ubuntu 22.04 LTS must enable and run the Uncomplicated Firewall (ufw)
|
|
V-260547
|
Medium
|
Ubuntu 22.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after...
|
|
V-260554
|
Medium
|
Ubuntu 22.04 LTS must automatically exit interactive command shell user sessions after 15 minutes...
|
|
V-260563
|
Medium
|
Ubuntu 22.04 LTS must enforce password complexity by requiring that at least one special characte...
|
|
V-260582
|
Medium
|
Ubuntu 22.04 LTS must use a file integrity tool to verify correct operation of all security funct...
|
|
V-260588
|
Medium
|
Ubuntu 22.04 LTS must be configured to preserve log records from failure events
|
|
V-254440
|
Medium
|
Windows Server 2022 Enable computer and user accounts to be trusted for delegation user right mus...
|
|
V-205795
|
Medium
|
Windows Server 2019 account lockout duration must be configured to 15 minutes or greater
|
|
V-254286
|
Medium
|
Windows Server 2022 must have the number of allowed bad logon attempts configured to three or less
|
|
V-205629
|
Medium
|
Windows Server 2019 must have the number of allowed bad logon attempts configured to three or less
|
|
V-254479
|
Medium
|
Windows Server 2022 users must be required to enter a password to access private keys stored on t...
|
|
V-205651
|
Medium
|
Windows Server 2019 users must be required to enter a password to access private keys stored on t...
|
|
V-220933
|
Medium
|
Remote calls to the Security Account Manager (SAM) must be restricted to Administrators
|
|
V-254275
|
Medium
|
Windows Server 2022 must not the Server Message Block (SMB) v1 protocol installed
|
|
V-205682
|
Medium
|
Windows Server 2019 must not have the Server Message Block (SMB) v1 protocol installed
|
|
V-260472
|
Low
|
Ubuntu 22.04 LTS must restrict access to the kernel message buffer
|
|
V-260474
|
Medium
|
Ubuntu 22.04 LTS must implement address space layout randomization to protect its memory from una...
|
|
V-260486
|
Medium
|
Ubuntu 22.04 LTS must have system commands set to a mode of "755" or less permissive
|
|
V-260493
|
Medium
|
Ubuntu 22.04 LTS must have directories that contain system commands owned by "root"
|
|
V-260500
|
Medium
|
Ubuntu 22.04 LTS library files must be group-owned by "root"
|
|
V-260514
|
Medium
|
Ubuntu 22.04 LTS must have an application firewall installed in order to control remote access me...
|
|
V-260537
|
Medium
|
Ubuntu 22.04 LTS must retain a user's session lock until that user reestablishes access using est...
|
|
V-260539
|
High
|
Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface ...
|
|
V-260540
|
Medium
|
Ubuntu 22.04 LTS must disable automatic mounting of Universal Serial Bus (USB) mass storage driver
|
|
V-260552
|
Low
|
Ubuntu 22.04 LTS must limit the number of concurrent sessions to ten for all accounts and/or acco...
|
|
V-260566
|
Medium
|
Ubuntu 22.04 LTS must require the change of at least eight characters when passwords are changed
|
|
V-260567
|
Medium
|
Ubuntu 22.04 LTS must be configured so that when passwords are changed or new passwords are estab...
|
|
V-260578
|
Medium
|
Ubuntu 22.04 LTS for PKI-based authentication, must implement a local cache of revocation data in...
|
|
V-205748
|
Medium
|
Windows Server 2019 "Enable computer and user accounts to be trusted for delegation" user right m...
|
|
V-254426
|
Medium
|
Windows Server 2022 Enable computer and user accounts to be trusted for delegation user right mus...
|
|
V-205745
|
Medium
|
Windows Server 2019 Enable computer and user accounts to be trusted for delegation user right mus...
|
|
V-254429
|
Medium
|
Windows Server 2022 local administrator accounts must have their privileged token filtered to pre...
|
|
V-253447
|
Low
|
Caching of logon credentials must be limited
|
|
V-220923
|
Low
|
Caching of logon credentials must be limited
|
|
V-220813
|
Medium
|
Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers
|
|
V-253288
|
Medium
|
The Server Message Block (SMB) v1 protocol must be disabled on the SMB client
|
|
V-220731
|
Medium
|
The Server Message Block (SMB) v1 protocol must be disabled on the SMB client
|
|
V-253287
|
Medium
|
The Server Message Block (SMB) v1 protocol must be disabled on the SMB server
|
|
V-220730
|
Medium
|
The Server Message Block (SMB) v1 protocol must be disabled on the SMB server
|
|
V-260485
|
Medium
|
Ubuntu 22.04 LTS must have directories that contain system commands set to a mode of "755" or les...
|
|
V-260494
|
Medium
|
Ubuntu 22.04 LTS must have directories that contain system commands group-owned by "root"
|
|
V-260495
|
Medium
|
Ubuntu 22.04 LTS must have system commands owned by "root" or a system account
|
|
V-260496
|
Medium
|
Ubuntu 22.04 LTS must have system commands group-owned by "root" or a system account
|
|
V-260501
|
Medium
|
Ubuntu 22.04 LTS must configure the directories used by the system journal to be owned by "root"
|
|
V-260522
|
Medium
|
Ubuntu 22.04 LTS must be configured to use TCP syncookies
|
|
V-260533
|
Medium
|
Ubuntu 22.04 LTS SSH server must be configured to use only FIPS-validated key exchange algorithms
|
|
V-260534
|
Medium
|
Ubuntu 22.04 LTS must use strong authenticators in establishing nonlocal maintenance and diagnost...
|
|
V-205751
|
Medium
|
Windows Server 2019 back up files and directories user right must only be assigned to the Adminis...
|
|
V-205715
|
Medium
|
Windows Server 2019 local administrator accounts must have their privileged token filtered to pre...
|
|
V-254494
|
Medium
|
Windows Server 2022 back up files and directories user right must only be assigned to the Adminis...
|
|
V-253341
|
Medium
|
Windows 11 permissions for the Security event log must prevent access by non-privileged accounts
|
|
V-220783
|
Medium
|
Windows 10 permissions for the Security event log must prevent access by non-privileged accounts
|
|
V-253342
|
Medium
|
Windows 11 permissions for the System event log must prevent access by non-privileged accounts
|
|
V-220784
|
Medium
|
Windows 10 permissions for the System event log must prevent access by non-privileged accounts
|
|
V-253372
|
Medium
|
Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers
|
|
V-220836
|
Medium
|
The Windows Defender SmartScreen for Explorer must be enabled
|
|
V-260502
|
Medium
|
Ubuntu 22.04 LTS must configure the directories used by the system journal to be group-owned by "...
|
|
V-260589
|
Medium
|
Ubuntu 22.04 LTS must monitor remote access methods
|
|
V-260596
|
Low
|
Ubuntu 22.04 LTS must immediately notify the system administrator (SA) and information system sec...
|
|
V-220971
|
Medium
|
The Deny log on locally user right on workstations must be configured to prevent access from high...
|
|
V-253494
|
Medium
|
The "Deny log on locally" user right on workstations must be configured to prevent access from hi...
|
|
V-254317
|
Medium
|
Windows Server 2022 must be configured to audit Object Access - Removable Storage successes
|
|
V-205840
|
Medium
|
Windows Server 2019 must be configured to audit Object Access - Removable Storage successes
|
|
V-253324
|
Medium
|
The system must be configured to audit Object Access - Removable Storage successes
|
|
V-220766
|
Medium
|
The system must be configured to audit Object Access - Removable Storage successes
|
|
V-254500
|
High
|
Windows Server 2022 debug programs user right must only be assigned to the Administrators group
|
|
V-205757
|
High
|
Windows Server 2019 Debug programs: user right must only be assigned to the Administrators group
|
|
V-254344
|
Medium
|
Windows Server 2022 Early Launch Antimalware, Boot-Start Driver Initialization Policy must preven...
|
|
V-205865
|
Medium
|
Windows Server 2019 Early Launch Antimalware, Boot-Start Driver Initialization Policy must preven...
|
|
V-260513
|
Medium
|
Ubuntu 22.04 LTS must set a sticky bit on all public directories to prevent unauthorized and unin...
|
|
V-260542
|
Medium
|
Ubuntu 22.04 LTS must prevent direct login into the root account
|
|
V-260559
|
High
|
Ubuntu 22.04 LTS must ensure only users who need access to security functions are part of sudo group
|
|
V-260580
|
Medium
|
Ubuntu 22.04 LTS must use DOD PKI-established certificate authorities for verification of the est...
|
|
V-260593
|
Low
|
Ubuntu 22.04 LTS must alert the information system security officer (ISSO) and system administrat...
|
|
V-220706
|
High
|
Windows 10 systems must be maintained at a supported servicing level
|
|
V-254438
|
Medium
|
Windows Server 2022 Deny log on locally user right on domain-joined member servers must be config...
|
|
V-205675
|
Medium
|
Windows Server 2019 Deny log on locally user right on domain-joined member servers must be config...
|
|
V-205624
|
Medium
|
Windows Server 2019 must automatically remove or disable temporary user accounts after 72 hours
|
|
V-220834
|
Medium
|
Windows Telemetry must not be configured to Full
|
|
V-260503
|
Medium
|
Ubuntu 22.04 LTS must configure the files used by the system journal to be owned by "root"
|
|
V-260504
|
Medium
|
Ubuntu 22.04 LTS must configure the files used by the system journal to be group-owned by "system...
|
|
V-260538
|
Medium
|
Ubuntu 22.04 LTS must initiate a graphical session lock after 15 minutes of inactivity
|
|
V-260583
|
Medium
|
Ubuntu 22.04 LTS must configure AIDE to perform file integrity checking on the file system
|
|
V-254392
|
High
|
Windows Server 2022 Active Directory SYSVOL directory must have the proper access control permiss...
|
|
V-205740
|
High
|
Windows Server 2019 Active Directory SYSVOL directory must have the proper access control permiss...
|
|
V-254427
|
Medium
|
The password for the krbtgt account on a domain must be reset at least every 180 days
|
|
V-205877
|
Medium
|
The password for the krbtgt account on a domain must be reset at least every 180 days
|
|
V-260476
|
Low
|
Ubuntu 22.04 LTS must be configured so that the Advance Package Tool (APT) prevents the installat...
|
|
V-260489
|
Medium
|
Ubuntu 22.04 LTS must generate error messages that provide information necessary for corrective a...
|
|
V-260535
|
Medium
|
Ubuntu 22.04 LTS must enable the graphical user logon banner to display the Standard Mandatory DO...
|
|
V-260594
|
Medium
|
Ubuntu 22.04 LTS must shut down by default upon audit failure
|
|
V-260470
|
High
|
Ubuntu 22.04 LTS, when booted, must require authentication upon booting into single-user and main...
|
|
V-260517
|
Medium
|
Ubuntu 22.04 LTS must configure the Uncomplicated Firewall (ufw) to rate-limit impacted network i...
|
|
V-260519
|
Low
|
Ubuntu 22.04 LTS must, for networked systems, compare internal information system clocks at least...
|
|
V-260585
|
Medium
|
Ubuntu 22.04 LTS must be configured so that the script that runs each 30 days or less to check fi...
|
|
V-260490
|
Medium
|
Ubuntu 22.04 LTS must generate system journal entries without revealing information that could be...
|
|
V-260518
|
Medium
|
Ubuntu 22.04 LTS must be configured to prohibit or restrict the use of functions, ports, protocol...
|
|
V-260541
|
Medium
|
Ubuntu 22.04 LTS must disable all wireless network adapters
|
|
V-260577
|
Medium
|
Ubuntu 22.04 LTS, for PKI-based authentication, must validate certificates by constructing a cert...
|
|
V-260586
|
Medium
|
Ubuntu 22.04 LTS must use cryptographic mechanisms to protect the integrity of audit tools
|
|
V-260595
|
Low
|
Ubuntu 22.04 LTS must allocate audit record storage capacity to store at least one weeks' worth o...
|
|
V-254441
|
High
|
Windows Server 2022 must be running Credential Guard on domain-joined member servers
|
|
V-253370
|
High
|
Credential Guard must be running on Windows 11 domain-joined systems
|
|
V-220812
|
High
|
Credential Guard must be running on Windows 10 domain-joined systems
|
|
V-205907
|
High
|
Windows Server 2019 must be running Credential Guard on domain-joined member servers
|
|
V-220921
|
Medium
|
The required legal notice must be configured to display before console logon
|
|
V-260535
|
Medium
|
Ubuntu 22.04 LTS must enable the graphical user logon banner to display the Standard Mandatory DO...
|
|
V-260536
|
Medium
|
Ubuntu 22.04 LTS must display the Standard Mandatory DOD Notice and Consent Banner before grantin...
|