Windows Server 2003 STIG Version 6 Release 1.33 Checklist Details (Checklist Revisions)
NOTE
This is not the current revision of this Checklist, view the current revision.
Supporting Resources:
-
Download Standalone XCCDF 1.1.4 - Windows Server 2003 STIG
- Defense Information Systems Agency
Target:
Target | CPE Name |
---|---|
Microsoft Internet Explorer | cpe:/a:microsoft:ie (View CVEs) |
Microsoft Windows Media Player | cpe:/a:microsoft:windows_media_player (View CVEs) |
Microsoft Windows Messenger | cpe:/a:microsoft:windows_messenger (View CVEs) |
Microsoft Windows Server 2003 | cpe:/o:microsoft:windows_2003_server:- (View CVEs) |
Microsoft Windows Server 2003 Service Pack 1 | cpe:/o:microsoft:windows_2003_server::sp1 (View CVEs) |
Microsoft Windows Server 2003 Service Pack 2 | cpe:/o:microsoft:windows_2003_server::sp2 (View CVEs) |
Microsoft Windows Server 2003 Service Pack 3 | cpe:/o:microsoft:windows_2003_server::sp3 (View CVEs) |
NetMeeting | cpe:/a:microsoft:netmeeting (View CVEs) |
Checklist Highlights
- Checklist Name:
- Windows Server 2003 STIG
- Checklist ID:
- 221
- Version:
- Version 6 Release 1.33
- Type:
- Compliance
- Review Status:
- Under Review
- Authority:
- Governmental Authority: Defense Information Systems Agency
- Original Publication Date:
- 04/29/2011
Checklist Summary:
The Windows Server 2003 Security Checklist is composed of three major sections and several appendices. The organizational breakdown proceeds as follows: Section 1- Introduction This section contains summary information about the sections and appendices that comprise the Windows Server 2003 Security Checklist, and defines its scope. Supporting documents consulted are listed in this section. Section 2- Automated System Check Procedures This section contains summary information for running the Gold Disk. Section 3- Manual System Check Procedures This section documents the procedures that instruct the reviewer on how to perform an SRR manually, and to interpret the program output for vulnerabilities. Appendix A- Object Permissions This appendix documents the allowed Access Control Lists (ACLs) for file and registry objects. The tables contained in this section are referenced in Section 3. Appendix B- Information Assurance Vulnerability Management (IAVM) Compliance This appendix contains checks for IAVM compliance to be done against a Windows Server 2003 machine. Appendix C- MS Group Policy Analysis Tools This appendix provides information for the use of Microsoft tools for analyzing group policy. Appendix D- Windows VMS Asset Creation and Findings Import Procedures for Reviewers and Self Assessments This appendix documents the procedures for creating assets and importing findings into VMS 6.0 Appendix E- Joint Task Force - Global Network Operations (JTF-GNO) Communications Tasking Orders (CTO) Compliance This appendix identifies Windows specific requirements from JTF-GNO CTOs. Appendix F- SRR Results Report This section is the matrix that allows the reviewer to document vulnerabilities discovered during the SRR process. The entries in this table are mapped to the manual procedures in Section 3 and appendix B.
Checklist Role:
- Server
Known Issues:
Not provided.
Target Audience:
This document is designed to instruct the reviewer on how to assess Windows Server 2003 configurations in Windows 2000, or Windows 2003 domains. In addition, the security settings recommended can also be used to configure Group Policy in a Windows 2000 or Windows 2003 Active Directory environment Field Security Operations- DISA Sites are required to secure the Microsoft Windows Server 2003 operating system in accordance with DOD Directive 8500.1, Section 4.18 (and related footnote). The checks in this document were developed from DOD guidelines specified in the above reference, as well as the Windows Server 2003 security guides and security templates published by the Microsoft Corporation.
Target Operational Environment:
- Managed
Testing Information:
Not provided.
Regulatory Compliance:
Not provided.
Comments/Warnings/Miscellaneous:
Not provided.
Disclaimer:
Not provided.
Product Support:
Not provided.
Point of Contact:
Not provided.
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
Dependency/Requirements:
URL | Description |
---|---|
http://www.microsoft.com/downloads/details.aspx?FamilyID=1b6acf93-147a-4481-9346-f93a4081eea8&DisplayLang=en | The Threats and Countermeasures Guide |
http://www.microsoft.com/downloads/en/details.aspx?familyid=8A2643C1-0685-4D89-B655-521EA6C7B4DB&displaylang=en | Windows Server 2003 Security Guide |
References:
Reference URL | Description |
---|
NIST checklist record last modified on 05/13/2011
* This checklist is still undergoing review for inclusion into the NCP.