U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CIS Microsoft Windows Server 2022 Benchmark 2.0.0 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Microsoft Windows Server 2022 cpe:/o:microsoft:windows_server_2022:- (View CVEs)

Checklist Highlights

Checklist Name:
CIS Microsoft Windows Server 2022 Benchmark
Checklist ID:
1188
Version:
2.0.0
Type:
Compliance
Review Status:
Final
Authority:
Third Party: Center for Internet Security (CIS)
Original Publication Date:
04/14/2023

Checklist Summary:

This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows. This secure configuration guide is based on Microsoft Windows Server 2022 and is intended for all versions of the Server 2022 operating system, including older versions. This secure configuration guide was tested against Microsoft Windows Server 2022 Datacenter. To ensure all new and updated group policy objects (GPOs) are installed on the system, please download the newest version of the ADMX/ADML templates for Windows 11. Templates can be downloaded from Microsoft at: Download ADMX Templates for Windows 11 2022 Update [22H2] from Official Microsoft Download Center. To obtain the latest version of this secure configuration guide, please visit https://www.cisecurity.org/cis-benchmarks/. If you have questions, comments, or have identified ways to improve this guide, please write us at feedback@cisecurity.org.

Checklist Role:

  • Application Server

Known Issues:

Not provided.

Target Audience:

The Windows CIS Benchmarks are written for Active Directory domain-joined systems using Group Policy, not standalone/workgroup systems. Adjustments/tailoring to some recommendations will be needed to maintain functionality if attempting to implement CIS hardening on standalone systems or a system running in the cloud.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

feedback@cisecurity.org

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

new checklist - 2/29/24
Candidate to Final - 4/19/24

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 04/19/2024