USNS Montford Point eMASS Security Plan (SP)
MSC_USNS_Montford_Point_eMASS_SP_23-Apr-2025-222923_SecurityPlan.pdf
- Ship
- USNS MONTFORD POINT
- Parsed
- 2026-02-09 18:37
- Coverage
-
90/90 (100%)
Total V-Numbers
90
Found in DB
90
Missing STIGs
0
Matched STIG References
V-numbers found in document that match STIGs in database
| V-Number | STIG Title | Severity | Benchmark |
|---|---|---|---|
| V-213193 | Adobe Reader DC must enable FIPS mode. | CAT II | Adobe Acrobat Reader DC Continuous Track... |
| V-215823 | The Cisco router must be configured to prohibit the use of a... | CAT I | Cisco IOS XE Router NDM Security Technic... |
| V-215855 | The Cisco router must be configured to back up the configura... | CAT II | Cisco IOS XE Router NDM Security Technic... |
| V-218748 | Each IIS 10.0 website must be assigned a default host header... | CAT II | Microsoft IIS 10.0 Site Security Technic... |
| V-218749 | A private IIS 10.0 website authentication mechanism must use... | CAT II | Microsoft IIS 10.0 Site Security Technic... |
| V-218767 | The IIS 10.0 website must only accept client certificates is... | CAT II | Microsoft IIS 10.0 Site Security Technic... |
| V-218768 | The IIS 10.0 private website must employ cryptographic mecha... | CAT I | Microsoft IIS 10.0 Site Security Technic... |
| V-218772 | The maximum number of requests an application pool can proce... | CAT II | Microsoft IIS 10.0 Site Security Technic... |
| V-218782 | The required DoD banner page must be displayed to authentica... | CAT II | Microsoft IIS 10.0 Site Security Technic... |
| V-218817 | The IIS 10.0 web server must not be running on a system prov... | CAT II | Microsoft IIS 10.0 Server Security Techn... |
| V-218823 | All accounts installed with the IIS 10.0 web server software... | CAT I | Microsoft IIS 10.0 Server Security Techn... |
| V-220139 | The Cisco router must be configured to send log data to at l... | CAT I | Cisco IOS XE Router NDM Security Technic... |
| V-220140 | The Cisco router must be running an IOS release that is curr... | CAT I | Cisco IOS XE Router NDM Security Technic... |
| V-220737 | Administrative accounts must not be used with applications t... | CAT I | Microsoft Windows 10 Security Technical ... |
| V-223284 | The Macro Runtime Scan Scope must be enabled for all documen... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223287 | Custom user interface (UI) code must be blocked from loading... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223299 | The Information Bar must be enabled in all Office programs. | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223300 | The Local Machine Zone Lockdown Security must be enabled in ... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223309 | Flash player activation must be disabled in all Office progr... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223312 | Dynamic Data Exchange (DDE) server launch in Excel must be b... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223313 | Dynamic Data Exchange (DDE) server lookup in Excel must be b... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223323 | Open/save of Excel 95 workbooks must be blocked. | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223324 | Open/save of Excel 95-97 workbooks and templates must be blo... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223328 | Updating of links in Excel must be prompted and not automati... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223329 | Loading of pictures from Web pages not created in Excel must... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223330 | AutoRepublish in Excel must be disabled. | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223331 | AutoRepublish warning alert in Excel must be enabled. | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223332 | File extensions must be enabled to match file types in Excel... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223338 | Untrusted Microsoft Query files must be blocked from opening... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223339 | Untrusted database files must be opened in Excel in Protecte... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223350 | Files dragged from an Outlook e-mail to the file system must... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223351 | The junk email protection level must be set to No Automatic ... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223355 | The Publish to Global Address List (GAL) button must be disa... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223357 | The warning about invalid digital signatures must be enabled... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223360 | The ability to demote attachments from Level 2 to Level 1 mu... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223379 | Open/Save of PowerPoint 97-2003 presentations, shows, templa... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223385 | Files downloaded from the Internet must be opened in Protect... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223387 | Files in unsafe locations must be opened in Protected view i... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223408 | Open/Save of Word 2000 binary documents and templates must b... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223409 | Open/Save of Word 2003 binary documents and templates must b... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223410 | Open/Save of Word 2007 and later binary documents and templa... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223412 | Open/Save of Word 95 binary documents and templates must be ... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223413 | Open/Save of Word 97 binary documents and templates must be ... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-223414 | Open/Save of Word XP binary documents and templates must be ... | CAT II | Microsoft Office 365 ProPlus Security Te... |
| V-224819 | Users with Administrative privileges must have separate acco... | CAT I | Microsoft Windows Server 2016 Security T... |
| V-224820 | Passwords for the built-in Administrator account must be cha... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224821 | Administrative accounts must not be used with applications t... | CAT I | Microsoft Windows Server 2016 Security T... |
| V-224824 | Manually managed application account passwords must be chang... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224839 | Passwords must be configured to expire. | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224842 | Software certificate installation files must be removed from... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224862 | The time service must synchronize with an appropriate DoD ti... | CAT III | Microsoft Windows Server 2016 Security T... |
| V-224863 | Orphaned security identifiers (SIDs) must be removed from us... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224875 | Audit records must be backed up to a different system or med... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224876 | Windows Server 2016 must, at a minimum, offload audit record... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224923 | Windows Server 2016 virtualization-based security must be en... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224980 | Active Directory Group Policy objects must be configured wit... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224981 | The Active Directory Domain object must be configured with p... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224982 | The Active Directory Infrastructure object must be configure... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224983 | The Active Directory Domain Controllers Organizational Unit ... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224984 | The Active Directory AdminSDHolder object must be configured... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-224985 | The Active Directory RID Manager$ object must be configured ... | CAT II | Microsoft Windows Server 2016 Security T... |
| V-225012 | Windows Server 2016 must be running Credential Guard on doma... | CAT I | Microsoft Windows Server 2016 Security T... |
| V-225234 | .NET default proxy settings must be reviewed and approved. | CAT III | Microsoft DotNet Framework 4.0 Security ... |
| V-225238 | Update and configure the .NET Framework to support TLS. | CAT II | Microsoft DotNet Framework 4.0 Security ... |
| V-228370 | Exchange Local machine policy must require signed scripts. | CAT II | Microsoft Exchange 2016 Mailbox Server S... |
| V-228403 | Exchange services must be documented and unnecessary service... | CAT II | Microsoft Exchange 2016 Mailbox Server S... |
| V-243466 | Membership to the Enterprise Admins group must be restricted... | CAT I | Active Directory Domain Security Technic... |
| V-243467 | Membership to the Domain Admins group must be restricted to ... | CAT I | Active Directory Domain Security Technic... |
| V-243468 | Administrators must have separate accounts specifically for ... | CAT II | Active Directory Domain Security Technic... |
| V-243469 | Administrators must have separate accounts specifically for ... | CAT II | Active Directory Domain Security Technic... |
| V-243470 | Delegation of privileged accounts must be prohibited. | CAT I | Active Directory Domain Security Technic... |
| V-243472 | Separate smart cards must be used for Enterprise Admin (EA) ... | CAT II | Active Directory Domain Security Technic... |
| V-243475 | Domain controllers must be blocked from Internet access. | CAT II | Active Directory Domain Security Technic... |
| V-243477 | User accounts with domain level administrative privileges mu... | CAT II | Active Directory Domain Security Technic... |
| V-243479 | The Directory Service Restore Mode (DSRM) passwords must be ... | CAT II | Active Directory Domain Security Technic... |
| V-243487 | Membership in the Group Policy Creator Owners and Incoming F... | CAT II | Active Directory Domain Security Technic... |
| V-243502 | Membership to the Schema Admins group must be limited. | CAT II | Active Directory Forest Security Technic... |
| V-243504 | The Windows Time Service on the forest root PDC Emulator mus... | CAT II | Active Directory Forest Security Technic... |
| V-243505 | Changes to the AD schema must be subject to a documented con... | CAT III | Active Directory Forest Security Technic... |
| V-245874 | Adobe Acrobat Pro DC Continuous FIPS mode must be enabled. | CAT II | Adobe Acrobat Professional DC Continuous... |
| V-252903 | Virtualization-based protection of code integrity must be en... | CAT III | Microsoft Windows 10 Security Technical ... |
| V-259342 | Forwarders on an authoritative Windows DNS Server, if enable... | CAT II | Microsoft Windows Server Domain Name Sys... |
| V-259353 | In a split DNS configuration between the external and intern... | CAT II | Microsoft Windows Server Domain Name Sys... |
| V-259357 | The Windows DNS Server authoritative for local zones must on... | CAT II | Microsoft Windows Server Domain Name Sys... |
| V-259405 | The Windows DNS Server must, when a component failure is det... | CAT II | Microsoft Windows Server Domain Name Sys... |
| V-259412 | In the event of a system failure, the Windows DNS Server mus... | CAT II | Microsoft Windows Server Domain Name Sys... |
| V-259413 | The DNS Name Server software must run with restricted privil... | CAT II | Microsoft Windows Server Domain Name Sys... |
| V-259416 | In a split DNS configuration, where separate name servers ar... | CAT II | Microsoft Windows Server Domain Name Sys... |
| V-268315 | Copilot must be disabled for Windows 10. | CAT II | Microsoft Windows 10 Security Technical ... |
| V-269097 | Windows Server domain controllers must have Kerberos logging... | CAT II | Active Directory Domain Security Technic... |