Checklist Summary:

The Windows Server 2012 / 2012 R2 Member Server Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from DoD consensus as well as Windows security guidance by Microsoft Corporation. This document is meant for use in conjunction with other applicable STIGs, including such topics as, Web Servers, Domain Name Service (DNS), and Database. Microsoft released Windows Server 2012 R2 as an update to Windows Server 2012, instead of a Service Pack as with previous Windows versions. Windows Server 2012 R2 changed some functionality as well as adding new functionality. Unless otherwise noted, the requirements in this STIG apply to both Windows Server 2012 and 2012 R2. Requirements that are applicable to a specific version are noted as such. The Windows Server 2012 / 2012 R2 Domain Controller Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from DoD consensus as well as Windows security guidance by Microsoft Corporation. This document is meant for use in conjunction with other applicable STIGs, including such topics as, Active Directory Domain, Active Directory Forest, and Domain Name Service (DNS). Microsoft released Windows Server 2012 R2 as an update to Windows Server 2012, instead of a Service Pack as with previous Windows versions. Windows Server 2012 R2 changed some functionality as well as adding new functionality. Unless otherwise noted, the requirements in this STIG apply to both Windows Server 2012 and 2012 R2. Requirements that are applicable to a specific version are noted as such.

Checklist Role:

• Operating System

Known Issues:

No known issues

Target Audience:

Parties within the DoD and Federal Government’s computing environments can obtain the applicable STIG from the Cyber Exchange website at https://cyber.mil/. This site contains the latest copies of STIGs, SRGs, and other related security information. Those without a Common Access Card (CAC) that has DoD Certificates can obtain the STIG from https://public.cyber.mil/.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not Provided

Regulatory Compliance:

DoD Instruction (DoDI) 8500.01

Comments/Warnings/Miscellaneous:

Not Provided

Disclaimer:

Not Provided

Product Support:

Parties within the DoD and Federal Government’s computing environments can obtain the applicable STIG from the Cyber Exchange website at https://cyber.mil/. This site contains the latest copies of STIGs, SRGs, and other related security information. Those without a Common Access Card (CAC) that has DoD Certificates can obtain the STIG from https://public.cyber.mil/.

Point of Contact:

[email protected]

Sponsor:

Not Provided

Licensing:

Not Provided

Change History:

Standalone and Benchmark Version 2, Release 2 - 07 August 2015
Updated status from "Under Review" to "Final" - 30 June 2015
Updated Information and Changed Status from "Candidate" to "Under Review" - 27 May 2015
Changed status from "under review" to "final" - 14 September 2015
Version 2, Release 3 - 29 October 2015
Changed status from "Under Review" to "Final" - 17 December 2015
5/2/2016 - Version 2, Release 4
moved to FINAL - 6/7/2016
updated to - v2, r5 - 07/22/2016
Updated to FINAL - 09/12/2016
Updated STIG to v2, r6 - 10/28/2016
updated to FINAL - 12/07/2016
Updated to Ver 2, Rel 7 - 01/27/2017
Updated to FINAL - 03/13/2017
Updated to Version 2, Release 8 - 04/28/2017
Updated to FINAL - 05/30/2017
null
Updated URL to reflect change to the DISA website - http --> https
Updated to FINAL - 09/07/2017
Updated - 11/01/2017
Updated to FINAL - 12/02/2017
corrected resource title - 1/24/2018
Updated to Version 2, Release 11 - 02/16/2018
Updated to FINAL - 3/18/2018
updated to Ver 2, Rel 12 - 4/25/18
Updated to FINAL - 5/25/18
updated to Version 2, Release 13 - 7/24/18
Added GPOs - 8/6/18
Updated to FINAL - 9/6/2018
Updated to Version 2, Release 14 - 02/16/2018
Corrected SHA for GPO file - 12/19/2018
updated to FINAL - 1/22/19
updated to Version 2, Release 15 - 1/28/19
updated benchmark - 1/29/19
updated GPO file - 2/8/19
Status Updated to FINAL - 3/8/19
updated to Version 2, Release 15 - 4/30/19
Updated GPO resource - 5/2/19
Updated to FINAL  - 6/4/19
Updated URLs - 6/12/19
Updated URLs - 8/12/2019
Updated GPO file - 10/31/19
updated URLs - 11/1/19
updated URLs per DISA - 1/21/2020
corrected resource title - 1/22/2020
Updated GPO file per DISA - 1/29/2020
Updated GPO file per DISA - 2/3/2020
updated GPO file - 3/6/2020
updated resource title per DISA - 3/12/2020
updated GPO file - 4/27/2020
/updated URLs per DISA - 6/9/2020
Updated URLs per DISA - 7/7/2020
Updated GPO file per DISA - 8/5/2020
updated GPO file - 10/29/2020
updated URLs and GPO file - 12/3/2020
Updated GPO per DISA - 1/28/21
Updated GPO per DISA - 3/1/21
added SCC links per DISA guidance - 4/20/2021
Updated resources per DISA - 5/5/21
Updated GPO per DISA - 5/12/21
updated SCC content - 5/27/2021
Updated GPO - 8/9/21
null
Updated GPO per DISA - 8/24/21
updated SCC tool per DISA - 9/16/2021
updated URLs - 11/22/2021
Updated resources per DISA - 11/24/21
Updated GPO per DISA - 2/17/22
Updated GPO per DISA - 5/2/22
null
Updated resources per DISA - 5/29/22
null
Updated SCC per DISA - 6/14/22
Updated GPO per DISA - 8/1/22
null
SCC - 10/13/22
updated GPO file - 11/7/22
updated URLs - 11/15/2022
updated GPO file - 1/31/2023
updated SCC content - 2/3/2023
 updated SCC content - 3/9/2023
Updated GPO per DISA - 5/1/23
updated URLs - 5/10/23
updated SCC content - 6/22/23
updated SHA - 7/27/23
Updated GPO per DISA - 7/31/23
Updated GPO per DISA - 8/21/23
Updated SCC per DISA - 9/21/23
Updated resource per DISA - 11/2/23
Corrected SHA discrepancy - 11/3/2023
sunset - 11/9/2023

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 11/09/2023