SRG-OS-000095-GPOS-00049 Controls

STIG IDVersionTitleProduct
ALMA-09-028510V1R1AlmaLinux OS 9 must disable remote management of the chrony daemon.
ALMA-09-028620V1R1AlmaLinux OS 9 must prevent the chrony daemon from acting as a server.
ALMA-09-028730V1R1AlmaLinux OS 9 must not have the iprutils package installed.
ALMA-09-028840V1R1AlmaLinux OS 9 must not have the quagga package installed.
ALMA-09-028950V1R1AlmaLinux OS 9 must not have the sendmail package installed.
ALMA-09-029060V1R1AlmaLinux OS 9 must not have the telnet-server package installed.
ALMA-09-029170V1R1AlmaLinux OS 9 must not have a Trivial File Transfer Protocol (TFTP) client package installed.
ALMA-09-029390V1R1AlmaLinux OS 9 must not have the cups package installed.
ALMA-09-029500V1R1AlmaLinux OS 9 must not have the gssproxy package installed.
ALMA-09-029610V1R1AlmaLinux OS 9 must disable the Asynchronous Transfer Mode (ATM) kernel module.
ALMA-09-029720V1R1AlmaLinux OS 9 must be configured to disable Bluetooth.
ALMA-09-029830V1R1AlmaLinux OS 9 must disable the Controller Area Network (CAN) kernel module.
ALMA-09-029940V1R1AlmaLinux OS 9 must disable mounting of cramfs.
ALMA-09-030050V1R1AlmaLinux OS 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
ALMA-09-030160V1R1AlmaLinux OS 9 must disable mounting of squashfs.
ALMA-09-030270V1R1AlmaLinux OS 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
ALMA-09-030380V1R1AlmaLinux OS 9 must disable mounting of udf.
ALMA-09-030490V1R1Cameras must be disabled or covered when not in use.
ALMA-09-030600V1R1AlmaLinux OS 9 must not have the nfs-utils package installed.
ALMA-09-030710V1R1AlmaLinux OS 9 must not have the rsh package installed.
ALMA-09-030820V1R1AlmaLinux OS 9 must not have the rsh-server package installed.
ALMA-09-030930V1R1AlmaLinux OS 9 must not have the tuned package installed.
ALMA-09-031040V1R1A graphical display manager must not be installed on AlmaLinux OS 9 unless approved.
ALMA-09-031150V1R1AlmaLinux OS 9 must not have the ypserv package installed.
ALMA-09-031260V1R1AlmaLinux OS 9 must not have the avahi package installed.
ALMA-09-031370V1R1AlmaLinux OS 9 must be configured to disable USB mass storage.
UBTU-18-010018V2R15The Ubuntu operating system must not have the Network Information Service (NIS) package installed.
UBTU-18-010019V2R15The Ubuntu operating system must not have the rsh-server package installed.
UBTU-20-010406V1R9The Ubuntu operating system must not have the rsh-server package installed.
UBTU-24-100040V1R1Ubuntu 24.04 LTS must not have the rsh-server package installed.
WN22-00-000270V2R1Windows Server 2022 must have the roles and features required by the system documented.
WN22-00-000320V2R1Windows Server 2022 must not have the Fax Server role installed.
WN22-00-000340V2R1Windows Server 2022 must not have the Peer Name Resolution Protocol installed.
WN22-00-000350V2R1Windows Server 2022 must not have Simple TCP/IP Services installed.
WN22-00-000370V2R1Windows Server 2022 must not have the TFTP Client installed.
WN22-00-000380V2R1Windows Server 2022 must not the Server Message Block (SMB) v1 protocol installed.
WN22-00-000390V2R1Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.
WN22-00-000400V2R1Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.
WN22-00-000410V2R1Windows Server 2022 must not have Windows PowerShell 2.0 installed.
WN22-CC-000010V2R1Windows Server 2022 must prevent the display of slide shows on the lock screen.
WN22-CC-000020V2R1Windows Server 2022 must have WDigest Authentication disabled.
WN22-CC-000150V2R1Windows Server 2022 downloading print driver packages over HTTP must be turned off.
WN22-CC-000160V2R1Windows Server 2022 printing over HTTP must be turned off.
WN22-CC-000170V2R1Windows Server 2022 network selection user interface (UI) must not be displayed on the logon screen.
WN22-CC-000200V2R1Windows Server 2022 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN22-CC-000300V2R1Windows Server 2022 Microsoft Defender antivirus SmartScreen must be enabled.
WN22-CC-000400V2R1Windows Server 2022 must disable Basic authentication for RSS feeds over HTTP.
WN22-CC-000410V2R1Windows Server 2022 must prevent Indexing of encrypted files.
WN22-DC-000130V2R1Windows Server 2022 domain controllers must run on a machine dedicated to that function.
WN22-MS-000030V2R1Windows Server 2022 local users on domain-joined member servers must not be enumerated.
WN10-00-000080V2R8Only authorized user accounts must be allowed to create or run virtual machines on Windows 10 systems.
WN10-00-000100V2R8Internet Information System (IIS) or its subcomponents must not be installed on a workstation.
WN10-00-000110V2R8Simple TCP/IP Services must not be installed on the system.
WN10-00-000155V2R8The Windows PowerShell 2.0 feature must be disabled on the system.
WN10-00-000160V2R8The Server Message Block (SMB) v1 protocol must be disabled on the system.
WN10-00-000165V2R8The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.
WN10-00-000170V2R8The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.
WN10-00-000175V2R8The Secondary Logon service must be disabled on Windows 10.
WN10-00-000210V2R8Bluetooth must be turned off unless approved by the organization.
WN10-00-000220V2R8Bluetooth must be turned off when not in use.
WN10-CC-000005V2R8Camera access from the lock screen must be disabled.
WN10-CC-000007V2R8Windows 10 must cover or disable the built-in or attached camera when not in use.
WN10-CC-000010V2R8The display of slide shows on the lock screen must be disabled.
WN10-CC-000038V2R8WDigest Authentication must be disabled.
WN10-CC-000039V2R8Run as different user must be removed from context menus.
WN10-CC-000044V2R8Internet connection sharing must be disabled.
WN10-CC-000100V2R8Downloading print driver packages over HTTP must be prevented.
WN10-CC-000105V2R8Web publishing and online ordering wizards must be prevented from downloading a list of providers.
WN10-CC-000110V2R8Printing over HTTP must be prevented.
WN10-CC-000120V2R8The network selection user interface (UI) must not be displayed on the logon screen.
WN10-CC-000130V2R8Local users on domain-joined computers must not be enumerated.
WN10-CC-000175V2R8The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN10-CC-000197V2R8Microsoft consumer experiences must be turned off.
WN10-CC-000210V2R8The Windows Defender SmartScreen for Explorer must be enabled.
WN10-CC-000252V2R8Windows 10 must be configured to disable Windows Game Recording and Broadcasting.
WN10-CC-000300V2R8Basic authentication for RSS feeds over HTTP must not be used.
WN10-CC-000305V2R8Indexing of encrypted files must be turned off.
WN10-CC-000370V2R8The convenience PIN for Windows 10 must be disabled.
WN10-CC-000385V2R8Windows Ink Workspace must be configured to disallow access above the lock.
WN10-CC-000390V2R8Windows 10 should be configured to prevent users from receiving suggestions for third-party or additional applications.
WN10-UC-000015V2R8Toast notifications to the lock screen must be turned off.
APPL-15-002004V1R1The macOS system must disable Location Services.
APPL-15-002005V1R1The macOS system must disable Bonjour multicast.
APPL-15-002007V1R1The macOS system must disable Internet Sharing.
APPL-15-002010V1R1The macOS system must disable FaceTime.app.
APPL-15-002012V1R1The macOS system must disable the iCloud Calendar services.
APPL-15-002013V1R1The macOS system must disable iCloud Reminders.
APPL-15-002014V1R1The macOS system must disable iCloud Address Book.
APPL-15-002015V1R1The macOS system must disable iCloud Mail.
APPL-15-002016V1R1The macOS system must disable iCloud Notes.
APPL-15-002017V1R1The macOS system must disable the camera.
APPL-15-002020V1R1The macOS system must disable Siri.
APPL-15-002035V1R1The macOS system must disable Apple ID setup during Setup Assistant.
APPL-15-002036V1R1The macOS system must disable Privacy Setup services during Setup Assistant.
APPL-15-002037V1R1The macOS system must disable iCloud storage setup during Setup Assistant.
APPL-15-002039V1R1The macOS system must disable Siri Setup during Setup Assistant.
APPL-15-002040V1R1The macOS system must disable iCloud Keychain Sync.
APPL-15-002041V1R1The macOS system must disable iCloud Document Sync.
APPL-15-002042V1R1The macOS system must disable iCloud Bookmarks.
APPL-15-002043V1R1The macOS system must disable iCloud Photo Library.
APPL-15-002052V1R1The macOS system must disable the System Settings pane for Wallet and Apple Pay.
APPL-15-002053V1R1The macOS system must disable the system settings pane for Siri.
APPL-15-002080V1R1The macOS system must disable Airplay Receiver.
APPL-15-002120V1R1The macOS system must disable AppleID and internet Account Modification.
APPL-15-002130V1R1The macOS system must disable CD/DVD Sharing.
APPL-15-002140V1R1The macOS system must disable Content Caching service.
APPL-15-002150V1R1The macOS system must disable iCloud Desktop and Document folder sync.
APPL-15-002160V1R1The macOS system must disable iCloud Game Center.
APPL-15-002170V1R1The macOS system must disable iCloud Private Relay.
APPL-15-002180V1R1The macOS system must disable Find My service.
APPL-15-002200V1R1The macOS system must disable Personalized Advertising.
APPL-15-002210V1R1The macOS system must disable sending Siri and Dictation information to Apple.
APPL-15-002220V1R1The macOS system must enforce On Device Dictation.
APPL-15-002230V1R1The macOS system must disable Dictation.
APPL-15-002240V1R1The macOS system must disable Printer Sharing.
APPL-15-002250V1R1The macOS system must disable Remote Management.
APPL-15-002260V1R1The macOS system must disable the Bluetooth System Settings pane.
APPL-15-002270V1R1The macOS system must disable the iCloud Freeform services.
APPL-15-005054V1R1The macOS system must disable the TouchID prompt during Setup Assistant.
APPL-15-005055V1R1The macOS system must disable the Screen Time prompt during Setup Assistant.
APPL-15-005056V1R1The macOS system must disable Unlock with Apple Watch during Setup Assistant.
APPL-15-005060V1R1The macOS system must disable proximity-based password sharing requests.
APPL-15-005061V1R1The macOS system must disable Erase Content and Settings.
APPL-15-005140V1R1The macOS system must disable Genmoji.
APPL-15-005150V1R1The macOS system must disable Apple Intelligence Image Generation.
APPL-15-005160V1R1The macOS system must disable Apple Intelligence Writing Tools.
APPL-15-002023V1R1The macOS system must disable sending audio recordings and transcripts to Apple.
APPL-15-002024V1R1The macOS system must disable sending search data from Spotlight to Apple.
APPL-14-002004V2R1The macOS system must disable Location Services.
APPL-14-002005V2R1The macOS system must disable Bonjour multicast.
APPL-14-002007V2R1The macOS system must disable Internet Sharing.
APPL-14-002010V2R1The macOS system must disable FaceTime.app.
APPL-14-002012V2R1The macOS system must disable the iCloud Calendar services.
APPL-14-002013V2R1The macOS system must disable iCloud Reminders.
APPL-14-002014V2R1The macOS system must disable iCloud Address Book.
APPL-14-002015V2R1The macOS system must disable iCloud Mail.
APPL-14-002016V2R1The macOS system must disable iCloud Notes.
APPL-14-002017V2R1The macOS system must disable the camera.
APPL-14-002020V2R1The macOS system must disable Siri.
APPL-14-002035V2R1The macOS system must disable Apple ID setup during Setup Assistant.
APPL-14-002036V2R1The macOS system must disable Privacy Setup services during Setup Assistant.
APPL-14-002037V2R1The macOS system must disable iCloud Storage Setup during Setup Assistant.
APPL-14-002039V2R1The macOS system must disable Siri Setup during Setup Assistant.
APPL-14-002040V2R1The macOS system must disable iCloud Keychain synchronization.
APPL-14-002041V2R1The macOS system must disable iCloud Document synchronization.
APPL-14-002042V2R1The macOS system must disable iCloud Bookmarks.
APPL-14-002043V2R1The macOS system must disable iCloud Photo Library.
APPL-14-002051V2R1The macOS system must disable the TouchID System Settings pane.
APPL-14-002052V2R1The macOS system must disable the System Settings pane for Wallet and Apple Pay.
APPL-14-002053V2R1The macOS system must disable the system settings pane for Siri.
APPL-14-002080V2R1The macOS system must disable Airplay Receiver.
APPL-14-002120V2R1The macOS system must disable AppleID and Internet Account modifications.
APPL-14-002130V2R1The macOS system must disable CD/DVD Sharing.
APPL-14-002140V2R1The macOS system must disable content caching service.
APPL-14-002150V2R1The macOS system must disable iCloud desktop and document folder synchronization.
APPL-14-002160V2R1The macOS system must disable iCloud Game Center.
APPL-14-002170V2R1The macOS system must disable iCloud Private Relay.
APPL-14-002180V2R1The macOS system must disable Find My service.
APPL-14-002190V2R1The macOS system must disable password autofill.
APPL-14-002200V2R1The macOS system must disable personalized advertising.
APPL-14-002210V2R1The macOS system must disable sending Siri and Dictation information to Apple.
APPL-14-002220V2R1The macOS system must enforce on device dictation.
APPL-14-002230V2R1The macOS system must disable dictation.
APPL-14-002240V2R1The macOS system must disable Printer Sharing.
APPL-14-002250V2R1The macOS system must disable Remote Management.
APPL-14-002260V2R1The macOS system must disable the Bluetooth system settings pane.
APPL-14-002270V2R1The macOS system must disable the iCloud Freeform services.
APPL-14-005054V2R1The macOS system must disable TouchID prompt during Setup Assistant.
APPL-14-005055V2R1The macOS system must disable Screen Time prompt during Setup Assistant.
APPL-14-005056V2R1The macOS system must disable Unlock with Apple Watch during Setup Assistant.
APPL-14-005060V2R1The macOS system must disable proximity-based password sharing requests.
APPL-14-005061V2R1The macOS system must disable Erase Content and Settings.
WN11-00-000100V2R1Internet Information System (IIS) or its subcomponents must not be installed on a workstation.
WN11-00-000110V2R1Simple TCP/IP Services must not be installed on the system.
WN11-00-000155V2R1The Windows PowerShell 2.0 feature must be disabled on the system.
WN11-00-000160V2R1The Server Message Block (SMB) v1 protocol must be disabled on the system.
WN11-00-000165V2R1The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.
WN11-00-000170V2R1The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.
WN11-00-000175V2R1The Secondary Logon service must be disabled on Windows 11.
WN11-00-000210V2R1Bluetooth must be turned off unless approved by the organization.
WN11-00-000220V2R1Bluetooth must be turned off when not in use.
WN11-CC-000005V2R1Camera access from the lock screen must be disabled.
WN11-CC-000007V2R1Windows 11 must cover or disable the built-in or attached camera when not in use.
WN11-CC-000010V2R1The display of slide shows on the lock screen must be disabled.
WN11-CC-000038V2R1WDigest Authentication must be disabled.
WN11-CC-000039V2R1Run as different user must be removed from context menus.
WN11-CC-000044V2R1Internet connection sharing must be disabled.
WN11-CC-000100V2R1Downloading print driver packages over HTTP must be prevented.
WN11-CC-000105V2R1Web publishing and online ordering wizards must be prevented from downloading a list of providers.
WN11-CC-000110V2R1Printing over HTTP must be prevented.
WN11-CC-000120V2R1The network selection user interface (UI) must not be displayed on the logon screen.
WN11-CC-000130V2R1Local users on domain-joined computers must not be enumerated.
WN11-CC-000175V2R1The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN11-CC-000197V2R1Microsoft consumer experiences must be turned off.
WN11-CC-000210V2R1The Microsoft Defender SmartScreen for Explorer must be enabled.
WN11-CC-000252V2R1Windows 11 must be configured to disable Windows Game Recording and Broadcasting.
WN11-CC-000300V2R1Basic authentication for RSS feeds over HTTP must not be used.
WN11-CC-000305V2R1Indexing of encrypted files must be turned off.
WN11-CC-000370V2R1The convenience PIN for Windows 11 must be disabled.
WN11-CC-000390V2R1Windows 11 must be configured to prevent users from receiving suggestions for third-party or additional applications.
WN11-UC-000015V2R1Toast notifications to the lock screen must be turned off.
UBTU-22-215030V2R1Ubuntu 22.04 LTS must not have the "rsh-server" package installed.
RHEL-08-030741V1R9RHEL 8 must disable the chrony daemon from acting as a server.
RHEL-08-030742V1R9RHEL 8 must disable network management of the chrony daemon.
RHEL-08-040000V1R9RHEL 8 must not have the telnet-server package installed.
RHEL-08-040001V1R9RHEL 8 must not have any automated bug reporting tools installed.
RHEL-08-040002V1R9RHEL 8 must not have the sendmail package installed.
RHEL-08-040004V1R9RHEL 8 must enable mitigations against processor-based vulnerabilities.
RHEL-08-040010V1R9RHEL 8 must not have the rsh-server package installed.
RHEL-08-040020V1R9RHEL 8 must cover or disable the built-in or attached camera when not in use.
RHEL-08-040021V1R9RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.
RHEL-08-040022V1R9RHEL 8 must disable the controller area network (CAN) protocol.
RHEL-08-040023V1R9RHEL 8 must disable the stream control transmission protocol (SCTP).
RHEL-08-040024V1R9RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.
RHEL-08-040025V1R9RHEL 8 must disable mounting of cramfs.
RHEL-08-040026V1R9RHEL 8 must disable IEEE 1394 (FireWire) Support.
RHEL-07-020000V3R8The Red Hat Enterprise Linux operating system must not have the rsh-server package installed.
RHEL-07-020010V3R8The Red Hat Enterprise Linux operating system must not have the ypserv package installed.
RHEL-07-021710V3R8The Red Hat Enterprise Linux operating system must not have the telnet-server package installed.
RHEL-09-213045V2R1RHEL 9 must be configured to disable the Asynchronous Transfer Mode kernel module.
RHEL-09-213050V2R1RHEL 9 must be configured to disable the Controller Area Network kernel module.
RHEL-09-213055V2R1RHEL 9 must be configured to disable the FireWire kernel module.
RHEL-09-213060V2R1RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
RHEL-09-213065V2R1RHEL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
RHEL-09-215025V2R1RHEL 9 must not have the nfs-utils package installed.
RHEL-09-215030V2R1RHEL 9 must not have the ypserv package installed.
RHEL-09-215035V2R1RHEL 9 must not have the rsh-server package installed.
RHEL-09-215040V2R1RHEL 9 must not have the telnet-server package installed.
RHEL-09-215045V2R1RHEL 9 must not have the gssproxy package installed.
RHEL-09-215050V2R1RHEL 9 must not have the iprutils package installed.
RHEL-09-215055V2R1RHEL 9 must not have the tuned package installed.
RHEL-09-231195V2R1RHEL 9 must disable mounting of cramfs.
RHEL-09-291035V2R1RHEL 9 Bluetooth must be disabled.
OL09-00-000040V1R1OL 9 must be configured to disable the Asynchronous Transfer Mode (ATM) kernel module.
OL09-00-000041V1R1OL 9 must be configured to disable the Controller Area Network (CAN) kernel module.
OL09-00-000042V1R1OL 9 must be configured to disable the FireWire kernel module.
OL09-00-000043V1R1OL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
OL09-00-000044V1R1OL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
OL09-00-000045V1R1OL 9 must disable mounting of cramfs.
OL09-00-000046V1R1OL 9 Bluetooth must be disabled.
OL09-00-000100V1R1OL 9 must not have the nfs-utils package installed.
OL09-00-000105V1R1OL 9 must not have the rsh-server package installed.
OL09-00-000110V1R1OL 9 must not have the telnet-server package installed.
OL09-00-000115V1R1OL 9 must not have the gssproxy package installed.
OL09-00-000120V1R1OL 9 must not have the iprutils package installed.
OL09-00-000125V1R1OL 9 must not have the tuned package installed.
OL09-00-000150V1R1OL 9 must not have the sendmail package installed.
WN16-00-000300V2R10The roles and features required by the system must be documented.
WN16-00-000350V2R10The Fax Server role must not be installed.
WN16-00-000370V2R10The Peer Name Resolution Protocol must not be installed.
WN16-00-000380V2R10Simple TCP/IP Services must not be installed.
WN16-00-000400V2R10The TFTP Client must not be installed.
WN16-00-000410V2R10The Server Message Block (SMB) v1 protocol must be uninstalled.
WN16-00-000411V2R10The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.
WN16-00-000412V2R10The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.
WN16-00-000420V2R10Windows PowerShell 2.0 must not be installed.
WN16-CC-000010V2R10The display of slide shows on the lock screen must be disabled.
WN16-CC-000030V2R10WDigest Authentication must be disabled on Windows Server 2016.
WN16-CC-000160V2R10Downloading print driver packages over HTTP must be prevented.
WN16-CC-000170V2R10Printing over HTTP must be prevented.
WN16-CC-000180V2R10The network selection user interface (UI) must not be displayed on the logon screen.
WN16-CC-000240V2R10The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN16-CC-000330V2R10Windows Server 2016 Windows SmartScreen must be enabled.
WN16-CC-000430V2R10Basic authentication for RSS feeds over HTTP must not be used.
WN16-CC-000440V2R10Indexing of encrypted files must be turned off.
WN16-DC-000130V2R10Domain controllers must run on a machine dedicated to that function.
WN16-MS-000030V2R10Local users on domain-joined computers must not be enumerated.
WN16-CC-000421V2R10The Windows Explorer Preview pane must be disabled for Windows Server 2016.
OL07-00-020000V2R14The Oracle Linux operating system must not have the rsh-server package installed.
OL07-00-020010V2R14The Oracle Linux operating system must not have the ypserv package installed.
OL07-00-021710V2R14The Oracle Linux operating system must not have the telnet-server package installed.
WN19-00-000270V2R8Windows Server 2019 must have the roles and features required by the system documented.
WN19-00-000320V2R8Windows Server 2019 must not have the Fax Server role installed.
WN19-00-000340V2R8Windows Server 2019 must not have the Peer Name Resolution Protocol installed.
WN19-00-000350V2R8Windows Server 2019 must not have Simple TCP/IP Services installed.
WN19-00-000370V2R8Windows Server 2019 must not have the TFTP Client installed.
WN19-00-000380V2R8Windows Server 2019 must not have the Server Message Block (SMB) v1 protocol installed.
WN19-00-000390V2R8Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.
WN19-00-000400V2R8Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.
WN19-00-000410V2R8Windows Server 2019 must not have Windows PowerShell 2.0 installed.
WN19-CC-000010V2R8Windows Server 2019 must prevent the display of slide shows on the lock screen.
WN19-CC-000020V2R8Windows Server 2019 must have WDigest Authentication disabled.
WN19-CC-000150V2R8Windows Server 2019 downloading print driver packages over HTTP must be turned off.
WN19-CC-000160V2R8Windows Server 2019 printing over HTTP must be turned off.
WN19-CC-000170V2R8Windows Server 2019 network selection user interface (UI) must not be displayed on the logon screen.
WN19-CC-000200V2R8Windows Server 2019 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN19-CC-000300V2R8Windows Server 2019 Windows Defender SmartScreen must be enabled.
WN19-CC-000400V2R8Windows Server 2019 must disable Basic authentication for RSS feeds over HTTP.
WN19-CC-000410V2R8Windows Server 2019 must prevent Indexing of encrypted files.
WN19-DC-000130V2R8Windows Server 2019 domain controllers must run on a machine dedicated to that function.
WN19-MS-000030V2R8Windows Server 2019 local users on domain-joined member servers must not be enumerated.
WN19-CC-000451V2R8The Windows Explorer Preview pane must be disabled for Windows Server 2019.
OL08-00-030741V1R9OL 8 must disable the chrony daemon from acting as a server.
OL08-00-030742V1R9OL 8 must disable network management of the chrony daemon.
OL08-00-040000V1R9OL 8 must not have the telnet-server package installed.
OL08-00-040001V1R9OL 8 must not have any automated bug reporting tools installed.
OL08-00-040002V1R9OL 8 must not have the sendmail package installed.
OL08-00-040004V1R9OL 8 must enable mitigations against processor-based vulnerabilities.
OL08-00-040010V1R9OL 8 must not have the rsh-server package installed.
OL08-00-040020V1R9OL 8 must cover or disable the built-in or attached camera when not in use.
OL08-00-040024V1R9OL 8 must disable the transparent inter-process communication (TIPC) protocol.
OL08-00-040025V1R9OL 8 must disable mounting of cramfs.
OL08-00-040026V1R9OL 8 must disable IEEE 1394 (FireWire) Support.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.