Skip to main content
CUI

Framework Mappings

Back to Dashboard
POA&M # Title NIST STIG Actions
POAM-00001 V-215807: The Cisco router must be configured to limit the number of concurrent management sessions to an orga 0 1 Manage Recommend
POAM-00002 V-215814: The Cisco router must be configured to display the Standard Mandatory DoD Notice and Consent Banner 0 1 Manage Recommend
POAM-00003 V-215823: The Cisco router must be configured to prohibit the use of all unnecessary and nonsecure functions a 0 1 Manage Recommend
POAM-00004 V-215824: The Cisco router must be configured with only one local account to be used as the account of last re 0 1 Manage Recommend
POAM-00005 V-215833: The Cisco router must be configured to terminate all network connections associated with device mana 0 1 Manage Recommend
POAM-00006 V-215836: The Cisco router must be configured to allocate audit record storage capacity in accordance with org 0 1 Manage Recommend
POAM-00007 V-215844: The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HM 0 1 Manage Recommend
POAM-00008 V-215855: The Cisco router must be configured to back up the configuration when changes occur. 0 1 Manage Recommend
POAM-00009 V-215856: The Cisco router must be configured to obtain its public key certificates from an appropriate certif 0 1 Manage Recommend
POAM-00010 V-220139: The Cisco router must be configured to send log data to at least two syslog servers for the purpose 0 1 Manage Recommend
POAM-00011 V-220140: The Cisco router must be running an IOS release that is currently supported by Cisco Systems. 0 1 Manage Recommend
POAM-00012 V-213193: Adobe Reader DC must enable FIPS mode. 0 1 Manage Recommend
POAM-00013 V-245539: Session only based cookies must be enabled. 0 0 Manage Recommend
POAM-00014 V-275780: Create Themes with AI must be disabled. 0 0 Manage Recommend
POAM-00015 V-275781: DevTools Generative AI features must be disabled. 0 0 Manage Recommend
POAM-00016 V-275782: GenAI local foundational model must be disabled. 0 0 Manage Recommend
POAM-00017 V-275783: Help Me Write must be disabled. 0 0 Manage Recommend
POAM-00018 V-275784: AI-powered History Search must be disabled. 0 0 Manage Recommend
POAM-00019 V-275785: Tab Compare Settings must be disabled. 0 0 Manage Recommend
POAM-00020 V-251553: Firefox must be configured to block pop-up windows. 0 1 Manage Recommend
POAM-00021 V-252908: Pocket must be disabled. 0 1 Manage Recommend
POAM-00022 V-252909: Firefox Studies must be disabled. 0 1 Manage Recommend
POAM-00023 V-260465: Visual Search must be disabled. 0 1 Manage Recommend
POAM-00024 V-260466: Copilot must be disabled. 0 1 Manage Recommend
POAM-00025 V-260467: Session only-based cookies must be enabled. 0 1 Manage Recommend
POAM-00026 V-266981: FriendlyURLs must be disabled. 0 1 Manage Recommend
POAM-00027 V-223284: The Macro Runtime Scan Scope must be enabled for all documents. 0 1 Manage Recommend
POAM-00028 V-223286: The Office client must be prevented from polling the SharePoint Server for published links. 0 1 Manage Recommend
POAM-00029 V-223287: Custom user interface (UI) code must be blocked from loading in all Office applications. 0 1 Manage Recommend
POAM-00030 V-223297: Consistent MIME handling must be enabled for all Office 365 ProPlus programs. 0 1 Manage Recommend
POAM-00031 V-223299: The Information Bar must be enabled in all Office programs. 0 1 Manage Recommend
POAM-00032 V-223300: The Local Machine Zone Lockdown Security must be enabled in all Office programs. 0 1 Manage Recommend
POAM-00033 V-223301: The MIME Sniffing safety feature must be enabled in all Office programs. 0 1 Manage Recommend
POAM-00034 V-223303: Object Caching Protection must be enabled in all Office programs. 0 1 Manage Recommend
POAM-00035 V-223309: Flash player activation must be disabled in all Office programs. 0 1 Manage Recommend
POAM-00036 V-223311: VBA Macros not digitally signed must be blocked in Excel. 0 1 Manage Recommend
POAM-00037 V-223312: Dynamic Data Exchange (DDE) server launch in Excel must be blocked. 0 1 Manage Recommend
POAM-00038 V-223313: Dynamic Data Exchange (DDE) server lookup in Excel must be blocked. 0 1 Manage Recommend
POAM-00039 V-223323: Open/save of Excel 95 workbooks must be blocked. 0 1 Manage Recommend
POAM-00040 V-223324: Open/save of Excel 95-97 workbooks and templates must be blocked. 0 1 Manage Recommend
POAM-00041 V-223328: Updating of links in Excel must be prompted and not automatic. 0 1 Manage Recommend
POAM-00042 V-223329: Loading of pictures from Web pages not created in Excel must be disabled. 0 1 Manage Recommend
POAM-00043 V-223330: AutoRepublish in Excel must be disabled. 0 1 Manage Recommend
POAM-00044 V-223331: AutoRepublish warning alert in Excel must be enabled. 0 1 Manage Recommend
POAM-00045 V-223332: File extensions must be enabled to match file types in Excel. 0 1 Manage Recommend
POAM-00046 V-223338: Untrusted Microsoft Query files must be blocked from opening in Excel. 0 1 Manage Recommend
POAM-00047 V-223339: Untrusted database files must be opened in Excel in Protected View mode. 0 1 Manage Recommend
POAM-00048 V-223350: Files dragged from an Outlook e-mail to the file system must be created in ANSI format. 0 1 Manage Recommend
POAM-00049 V-223351: The junk email protection level must be set to No Automatic Filtering. 0 1 Manage Recommend
POAM-00050 V-223355: The Publish to Global Address List (GAL) button must be disabled in Outlook. 0 1 Manage Recommend
POAM-00051 V-223357: The warning about invalid digital signatures must be enabled to warn Outlook users. 0 1 Manage Recommend
POAM-00052 V-223360: The ability to demote attachments from Level 2 to Level 1 must be disabled. 0 1 Manage Recommend
POAM-00053 V-223377: VBA Macros not digitally signed must be blocked in PowerPoint. 0 1 Manage Recommend
POAM-00054 V-223379: Open/Save of PowerPoint 97-2003 presentations, shows, templates, and add-in files must be blocked. 0 1 Manage Recommend
POAM-00055 V-223385: Files downloaded from the Internet must be opened in Protected view in PowerPoint. 0 1 Manage Recommend
POAM-00056 V-223387: Files in unsafe locations must be opened in Protected view in PowerPoint. 0 1 Manage Recommend
POAM-00057 V-223408: Open/Save of Word 2000 binary documents and templates must be blocked. 0 1 Manage Recommend
POAM-00058 V-223409: Open/Save of Word 2003 binary documents and templates must be blocked. 0 1 Manage Recommend
POAM-00059 V-223410: Open/Save of Word 2007 and later binary documents and templates must be blocked. 0 1 Manage Recommend
POAM-00060 V-223412: Open/Save of Word 95 binary documents and templates must be blocked. 0 1 Manage Recommend
POAM-00061 V-223413: Open/Save of Word 97 binary documents and templates must be blocked. 0 1 Manage Recommend
POAM-00062 V-223414: Open/Save of Word XP binary documents and templates must be blocked. 0 1 Manage Recommend
POAM-00063 V-223417: VBA Macros not digitally signed must be blocked in Word. 0 1 Manage Recommend
POAM-00064 V-220703: Windows 10 systems must use a BitLocker PIN for pre-boot authentication. 0 1 Manage Recommend
POAM-00065 V-220705: The operating system must employ a deny-all, permit-by-exception policy to allow the execution of au 0 1 Manage Recommend
POAM-00066 V-220716: Accounts must be configured to require password expiration. 0 1 Manage Recommend
POAM-00067 V-220726: Data Execution Prevention (DEP) must be configured to at least OptOut. 0 1 Manage Recommend
POAM-00068 V-220737: Administrative accounts must not be used with applications that access the Internet, such as web bro 0 1 Manage Recommend
POAM-00069 V-220836: The Windows Defender SmartScreen for Explorer must be enabled. 0 1 Manage Recommend
POAM-00070 V-220952: Passwords for enabled local Administrator accounts must be changed at least every 60 days. 0 1 Manage Recommend
POAM-00071 V-220957: The Access this computer from the network user right must only be assigned to the Administrators and 0 1 Manage Recommend
POAM-00072 V-220968: The Deny access to this computer from the network user right on workstations must be configured to p 0 1 Manage Recommend
POAM-00073 V-220970: The Deny log on as a service user right on Windows 10 domain-joined workstations must be configured 0 1 Manage Recommend
POAM-00074 V-220971: The Deny log on locally user right on workstations must be configured to prevent access from highly 0 1 Manage Recommend
POAM-00075 V-220972: The Deny log on through Remote Desktop Services user right on Windows 10 workstations must at a mini 0 1 Manage Recommend
POAM-00076 V-252903: Virtualization-based protection of code integrity must be enabled. 0 1 Manage Recommend
POAM-00077 V-257589: Windows 10 must have command line process auditing events enabled for failures. 0 1 Manage Recommend
POAM-00078 V-268315: Copilot in Windows must be disabled for Windows 10. 0 1 Manage Recommend
POAM-00079 V-245874: Adobe Acrobat Pro DC Continuous FIPS mode must be enabled. 0 1 Manage Recommend
POAM-00080 V-225238: Update and configure the .NET Framework to support TLS. 0 1 Manage Recommend
POAM-00081 V-225234: .NET default proxy settings must be reviewed and approved. 0 1 Manage Recommend
POAM-00082 V-224819: Users with Administrative privileges must have separate accounts for administrative duties and norma 0 1 Manage Recommend
POAM-00083 V-224820: Passwords for the built-in Administrator account must be changed at least every 60 days. 0 1 Manage Recommend
POAM-00084 V-224821: Administrative accounts must not be used with applications that access the Internet, such as web bro 0 1 Manage Recommend
POAM-00085 V-224825: Shared user accounts must not be permitted on the system. 0 1 Manage Recommend
POAM-00086 V-224826: Windows Server 2016 must employ a deny-all, permit-by-exception policy to allow the execution of aut 0 1 Manage Recommend
POAM-00087 V-224838: Windows Server 2016 accounts must require passwords. 0 1 Manage Recommend
POAM-00088 V-224839: Passwords must be configured to expire. 0 1 Manage Recommend
POAM-00089 V-224840: System files must be monitored for unauthorized changes. 0 1 Manage Recommend
POAM-00090 V-224845: The roles and features required by the system must be documented. 0 1 Manage Recommend
POAM-00091 V-224875: Audit records must be backed up to a different system or media than the system being audited. 0 1 Manage Recommend
POAM-00092 V-224876: Windows Server 2016 must, at a minimum, offload audit records of interconnected systems in real time 0 1 Manage Recommend
POAM-00093 V-225007: Only administrators responsible for the member server or standalone or nondomain-joined system must 0 1 Manage Recommend
POAM-00094 V-225015: The "Deny access to this computer from the network" user right on member servers must be configured 0 1 Manage Recommend
POAM-00095 V-225017: The "Deny log on as a service" user right on member servers must be configured to prevent access fro 0 1 Manage Recommend
POAM-00096 V-225018: The "Deny log on locally" user right on member servers must be configured to prevent access from hig 0 1 Manage Recommend
POAM-00097 V-225019: The "Deny log on through Remote Desktop Services" user right on member servers must be configured to 0 1 Manage Recommend
POAM-00098 V-257502: Windows Server 2016 must have PowerShell Transcription enabled. 0 1 Manage Recommend
POAM-00099 V-225224: The Trust Providers Software Publishing State must be set to 0x23C00. 0 1 Manage Recommend
POAM-00100 V-225233: Trust must be established prior to enabling the loading of remote code in .Net 4. 0 1 Manage Recommend
POAM-00101 V-218786: Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled. 0 1 Manage Recommend
POAM-00102 V-218788: The IIS 10.0 web server must produce log records that contain sufficient information to establish th 0 1 Manage Recommend
POAM-00103 V-218789: The IIS 10.0 web server must produce log records containing sufficient information to establish the 0 1 Manage Recommend
POAM-00104 V-218790: The log information from the IIS 10.0 web server must be protected from unauthorized modification or 0 1 Manage Recommend
POAM-00105 V-218793: The IIS 10.0 web server must only contain functions necessary for operation. 0 1 Manage Recommend
POAM-00106 V-218797: The IIS 10.0 web server must be reviewed on a regular basis to remove any Operating System features, 0 1 Manage Recommend
POAM-00107 V-218798: The IIS 10.0 web server must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell 0 1 Manage Recommend
POAM-00108 V-218805: The IIS 10.0 web server must accept only system-generated session identifiers. 0 1 Manage Recommend
POAM-00109 V-218806: The IIS 10.0 web server must augment re-creation to a stable and known baseline. 0 1 Manage Recommend
POAM-00110 V-218812: The IIS 10.0 web server must restrict inbound connections from non-secure zones. 0 1 Manage Recommend
POAM-00111 V-218817: The IIS 10.0 web server must not be running on a system providing any other role. 0 1 Manage Recommend
POAM-00112 V-218819: The IIS 10.0 web server must be tuned to handle the operational requirements of the hosted applicati 0 1 Manage Recommend
POAM-00113 V-228572: An IIS Server configured to be a SMTP relay must require authentication. 0 1 Manage Recommend
POAM-00114 V-241788: HTTPAPI Server version must be removed from the HTTP Response Header information. 0 1 Manage Recommend
POAM-00115 V-241789: ASP.NET version must be removed from the HTTP Response Header information. 0 1 Manage Recommend
POAM-00116 V-268325: The Request Smuggling filter must be enabled. 0 1 Manage Recommend
POAM-00117 V-218739: Both the log file and Event Tracing for Windows (ETW) for each IIS 10.0 website must be enabled. 0 1 Manage Recommend
POAM-00118 V-218741: The IIS 10.0 website must produce log records that contain sufficient information to establish the o 0 1 Manage Recommend
POAM-00119 V-218742: The IIS 10.0 website must produce log records containing sufficient information to establish the ide 0 1 Manage Recommend
POAM-00120 V-218743: The IIS 10.0 website must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell pro 0 1 Manage Recommend
POAM-00121 V-218744: Mappings to unused and vulnerable scripts on the IIS 10.0 website must be removed. 0 1 Manage Recommend
POAM-00122 V-218749: A private IIS 10.0 website authentication mechanism must use client certificates to transmit session 0 1 Manage Recommend
POAM-00123 V-218763: The IIS 10.0 websites connectionTimeout setting must be explicitly configured to disconnect an idle 0 1 Manage Recommend
POAM-00124 V-218768: The IIS 10.0 private website must employ cryptographic mechanisms (TLS) and require client certifica 0 1 Manage Recommend
POAM-00125 V-218770: Cookies exchanged between the IIS 10.0 website and the client must have cookie properties set to pro 0 1 Manage Recommend
POAM-00126 V-218782: The required DoD banner page must be displayed to authenticated users accessing a DoD private websit 0 1 Manage Recommend
POAM-00127 V-228355: Exchange servers must use approved DoD certificates. 0 1 Manage Recommend
POAM-00128 V-228358: The Exchange Email Diagnostic log level must be set to the lowest level. 0 1 Manage Recommend
POAM-00129 V-228361: Exchange Email Subject Line logging must be disabled. 0 1 Manage Recommend
POAM-00130 V-228363: Exchange Queue monitoring must be configured with threshold and action. 0 1 Manage Recommend
POAM-00131 V-228370: Exchange Local machine policy must require signed scripts. 0 1 Manage Recommend
POAM-00132 V-228371: The Exchange Internet Message Access Protocol 4 (IMAP4) service must be disabled. 0 1 Manage Recommend
POAM-00133 V-228372: The Exchange Post Office Protocol 3 (POP3) service must be disabled. 0 1 Manage Recommend
POAM-00134 V-228376: Exchange Mailboxes must be retained until backups are complete. 0 1 Manage Recommend
POAM-00135 V-228379: Exchange Mail quota settings must not restrict receiving mail. 0 1 Manage Recommend
POAM-00136 V-228380: Exchange Mail Quota settings must not restrict receiving mail. 0 1 Manage Recommend
POAM-00137 V-228382: Exchange Message size restrictions must be controlled on Receive connectors. 0 1 Manage Recommend
POAM-00138 V-228383: Exchange Receive connectors must control the number of recipients per message. 0 1 Manage Recommend
POAM-00139 V-228385: Exchange Message size restrictions must be controlled on Send connectors. 0 1 Manage Recommend
POAM-00140 V-228389: The Exchange Outbound Connection Limit per Domain Count must be controlled. 0 1 Manage Recommend
POAM-00141 V-228391: Exchange Internal Receive connectors must not allow anonymous connections. 0 1 Manage Recommend
POAM-00142 V-228392: Exchange external/Internet-bound automated response messages must be disabled. 0 1 Manage Recommend
POAM-00143 V-228398: The Exchange Global Recipient Count Limit must be set. 0 1 Manage Recommend
POAM-00144 V-228402: Exchange software must be monitored for unauthorized changes. 0 1 Manage Recommend
POAM-00145 V-228404: Exchange Outlook Anywhere clients must use NTLM authentication to access email. 0 1 Manage Recommend
POAM-00146 V-228406: Exchange must not send delivery reports to remote domains. 0 1 Manage Recommend
POAM-00147 V-228407: Exchange must not send nondelivery reports to remote domains. 0 1 Manage Recommend
POAM-00148 V-228408: The Exchange SMTP automated banner response must not reveal server details. 0 1 Manage Recommend
POAM-00149 V-228409: Exchange Internal Send connectors must use an authentication level. 0 1 Manage Recommend
POAM-00150 V-228410: Exchange must provide Mailbox databases in a highly available and redundant configuration. 0 1 Manage Recommend
POAM-00151 V-228417: Exchange must have forms-based authentication disabled. 0 1 Manage Recommend
POAM-00152 V-228418: Exchange must have authenticated access set to Integrated Windows Authentication only. 0 1 Manage Recommend
POAM-00153 V-224824: Manually managed application account passwords must be changed at least annually or when a system ad 0 1 Manage Recommend
POAM-00154 V-224837: Outdated or unused accounts must be removed from the system or disabled. 0 1 Manage Recommend
POAM-00155 V-224841: Non-system-created file shares on a system must limit access to groups that require it. 0 1 Manage Recommend
POAM-00156 V-224923: Windows Server 2016 virtualization-based security must be enabled with the platform security level c 0 1 Manage Recommend
POAM-00157 V-225012: Windows Server 2016 must be running Credential Guard on domain-joined member servers. 0 1 Manage Recommend
POAM-00158 V-225016: The "Deny log on as a batch job" user right on member servers must be configured to prevent access f 0 1 Manage Recommend
POAM-00159 V-225082: The Impersonate a client after authentication user right must only be assigned to Administrators, Se 0 1 Manage Recommend
POAM-00160 V-218802: IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system func 0 1 Manage Recommend
POAM-00161 V-218823: All accounts installed with the IIS 10.0 web server software and tools must have passwords assigned 0 1 Manage Recommend
POAM-00162 V-218737: A private IIS 10.0 website must only accept Secure Socket Layer (SSL) connections. 0 1 Manage Recommend
POAM-00163 V-218738: A public IIS 10.0 website must only accept Secure Socket Layer (SSL) connections when authentication 0 1 Manage Recommend
POAM-00164 V-218745: The IIS 10.0 website must have resource mappings set to disable the serving of certain file types. 0 1 Manage Recommend
POAM-00165 V-218748: Each IIS 10.0 website must be assigned a default host header. 0 1 Manage Recommend
POAM-00166 V-218752: The IIS 10.0 website document directory must be in a separate partition from the IIS 10.0 websites s 0 1 Manage Recommend
POAM-00167 V-218756: Non-ASCII characters in URLs must be prohibited by any IIS 10.0 website. 0 1 Manage Recommend
POAM-00168 V-218758: Unlisted file extensions in URL requests must be filtered by any IIS 10.0 website. 0 1 Manage Recommend
POAM-00169 V-218767: The IIS 10.0 website must only accept client certificates issued by DOD PKI or DOD-approved PKI Cert 0 1 Manage Recommend
POAM-00170 V-218772: The maximum number of requests an application pool can process for each IIS 10.0 website must be exp 0 1 Manage Recommend
POAM-00171 V-243466: Membership to the Enterprise Admins group must be restricted to accounts used only to manage the Act 0 1 Manage Recommend
POAM-00172 V-243467: Membership to the Domain Admins group must be restricted to accounts used only to manage the Active 0 1 Manage Recommend
POAM-00173 V-243468: Administrators must have separate accounts specifically for managing domain member servers. 0 1 Manage Recommend
POAM-00174 V-243469: Administrators must have separate accounts specifically for managing domain workstations. 0 1 Manage Recommend
POAM-00175 V-243470: Delegation of privileged accounts must be prohibited. 0 1 Manage Recommend
POAM-00176 V-243471: Local administrator accounts on domain systems must not share the same password. 0 1 Manage Recommend
POAM-00177 V-243472: Separate smart cards must be used for Enterprise Admin (EA) and Domain Admin (DA) accounts from smar 0 1 Manage Recommend
POAM-00178 V-243475: Domain controllers must be blocked from Internet access. 0 1 Manage Recommend
POAM-00179 V-243477: User accounts with domain level administrative privileges must be members of the Protected Users gro 0 1 Manage Recommend
POAM-00180 V-243487: Membership in the Group Policy Creator Owners and Incoming Forest Trust Builders groups must be limi 0 1 Manage Recommend
POAM-00181 V-269097: Windows Server domain controllers must have Kerberos logging enabled with servers hosting Active Dir 0 1 Manage Recommend
POAM-00182 V-243502: Membership to the Schema Admins group must be limited. 0 1 Manage Recommend
POAM-00183 V-243504: The Windows Time Service on the forest root PDC Emulator must be configured to acquire its time from 0 1 Manage Recommend
POAM-00184 V-224842: Software certificate installation files must be removed from Windows Server 2016. 0 1 Manage Recommend
POAM-00185 V-224862: The time service must synchronize with an appropriate DoD time source. 0 1 Manage Recommend
POAM-00186 V-224863: Orphaned security identifiers (SIDs) must be removed from user rights on Windows 2016. 0 1 Manage Recommend
POAM-00187 V-224940: Windows Server 2016 Windows SmartScreen must be enabled. 0 1 Manage Recommend
POAM-00188 V-224976: Domain controllers must run on a machine dedicated to that function. 0 1 Manage Recommend
POAM-00189 V-224979: The directory service must be configured to terminate LDAP-based network connections to the director 0 1 Manage Recommend
POAM-00190 V-224981: The Active Directory Domain object must be configured with proper audit settings. 0 1 Manage Recommend
POAM-00191 V-224982: The Active Directory Infrastructure object must be configured with proper audit settings. 0 1 Manage Recommend
POAM-00192 V-224983: The Active Directory Domain Controllers Organizational Unit (OU) object must be configured with prop 0 1 Manage Recommend
POAM-00193 V-224984: The Active Directory AdminSDHolder object must be configured with proper audit settings. 0 1 Manage Recommend
POAM-00194 V-224985: The Active Directory RID Manager$ object must be configured with proper audit settings. 0 1 Manage Recommend
POAM-00195 V-224993: PKI certificates associated with user accounts must be issued by the DoD PKI or an approved External 0 1 Manage Recommend
POAM-00196 V-224994: Active Directory user accounts, including administrators, must be configured to require the use of a 0 1 Manage Recommend
POAM-00197 V-224995: Domain controllers must require LDAP access signing. 0 1 Manage Recommend
POAM-00198 V-224997: The Access this computer from the network user right must only be assigned to the Administrators, Au 0 1 Manage Recommend
POAM-00199 V-224998: The Add workstations to domain user right must only be assigned to the Administrators group. 0 1 Manage Recommend
POAM-00200 V-225072: The Allow log on locally user right must only be assigned to the Administrators group. 0 1 Manage Recommend
POAM-00201 V-225073: The Back up files and directories user right must only be assigned to the Administrators group. 0 1 Manage Recommend
POAM-00202 V-225080: The Force shutdown from a remote system user right must only be assigned to the Administrators group 0 1 Manage Recommend
POAM-00203 V-225084: The Load and unload device drivers user right must only be assigned to the Administrators group. 0 1 Manage Recommend
POAM-00204 V-225086: The Manage auditing and security log user right must only be assigned to the Administrators group. 0 1 Manage Recommend
POAM-00205 V-225092: The Restore files and directories user right must only be assigned to the Administrators group. 0 1 Manage Recommend
POAM-00206 V-271430: Windows Server 2016 must be configured for name-based strong mappings for certificates. 0 1 Manage Recommend
POAM-00207 V-259342: Forwarders on an authoritative Windows DNS Server, if enabled for external resolution, must forward 0 1 Manage Recommend
POAM-00208 V-259357: The Windows DNS Server authoritative for local zones must only point root hints to the DNS servers t 0 1 Manage Recommend
POAM-00209 V-259367: The Windows DNS Server must be configured to enforce authorized access to the corresponding private 0 1 Manage Recommend
POAM-00210 V-259369: The Windows DNS Server permissions must be set so the key file can only be read or modified by the a 0 1 Manage Recommend
POAM-00211 V-259405: The Windows DNS Server must, when a component failure is detected, activate a notification to the sy 0 1 Manage Recommend
POAM-00212 V-259407: The Windows DNS Server must verify the correct operation of security functions upon system startup a 0 1 Manage Recommend
POAM-00213 V-259411: The DNS server implementation must employ strong authenticators in the establishment of nonlocal mai 0 1 Manage Recommend
POAM-00214 V-259412: In the event of a system failure, the Windows DNS Server must preserve any information necessary to 0 1 Manage Recommend
POAM-00215 V-259413: The DNS Name Server software must run with restricted privileges. 0 1 Manage Recommend
POAM-00216 V-259415: The Windows DNS Server audit records must be backed up at least every seven days onto a different sy 0 1 Manage Recommend
POAM-00217 V-259417: Windows DNS response rate limiting (RRL) must be enabled. 0 1 Manage Recommend
POAM-00218 V-225236: Software utilizing .Net 4.0 must be identified and relevant access controls configured. 0 1 Manage Recommend
POAM-00219 V-213929: SQL Server must limit the number of concurrent sessions to an organization-defined number per user f 0 0 Manage Recommend
POAM-00220 V-213934: SQL Server must protect against a user falsely repudiating by ensuring the NT AUTHORITY SYSTEM accou 0 0 Manage Recommend
POAM-00221 V-213936: SQL Server must be configured to generate audit records for DoD-defined auditable events within all 0 0 Manage Recommend
POAM-00222 V-213940: SQL Server must initiate session auditing upon startup. 0 0 Manage Recommend
POAM-00223 V-213975: SQL Server must prevent unauthorized and unintended information transfer via shared system resources 0 0 Manage Recommend
POAM-00224 V-213989: SQL Server must produce audit records of its enforcement of access restrictions associated with chan 0 0 Manage Recommend
POAM-00225 V-213992: SQL Server services must be configured to run under unique dedicated user accounts. 0 0 Manage Recommend
POAM-00226 V-214000: SQL Server must generate audit records when successful and unsuccessful attempts to add privileges/p 0 0 Manage Recommend
POAM-00227 V-214002: SQL Server must generate audit records when successful and unsuccessful attempts to modify privilege 0 0 Manage Recommend
POAM-00228 V-214004: SQL Server must generate audit records when successful and unsuccessful attempts to modify security 0 0 Manage Recommend
POAM-00229 V-214008: SQL Server must generate audit records when successful and unsuccessful attempts to delete privilege 0 0 Manage Recommend
POAM-00230 V-214010: SQL Server must generate audit records when successful and unsuccessful attempts to delete security 0 0 Manage Recommend
POAM-00231 V-214014: SQL Server must generate audit records when successful and unsuccessful logons or connection attempt 0 0 Manage Recommend
POAM-00232 V-214015: SQL Server must generate audit records for all privileged activities or other system-level access. 0 0 Manage Recommend
POAM-00233 V-214016: SQL Server must generate audit records when unsuccessful attempts to execute privileged activities o 0 0 Manage Recommend
POAM-00234 V-214017: SQL Server must generate audit records showing starting and ending time for user access to the datab 0 0 Manage Recommend
POAM-00235 V-214018: SQL Server must generate audit records when concurrent logons/connections by the same user from diff 0 0 Manage Recommend
POAM-00236 V-214026: SQL Server must configure Customer Feedback and Error Reporting. 0 0 Manage Recommend
POAM-00237 V-214029: SQL Server default account [sa] must have its name changed. 0 0 Manage Recommend
POAM-00241 CSI Prep Deliverable: RFI Form 0 0 Manage Recommend
POAM-00243 CSI Prep Deliverable: Scoping Document Review (SAV) 0 0 Manage Recommend
POAM-00244 CSI Prep Deliverable: Internal Scoping Meeting 0 0 Manage Recommend
POAM-00245 CSI Prep Deliverable: External Scoping Teleconference 0 0 Manage Recommend
POAM-00246 CSI Prep Deliverable: Reserve In brief and Out brief Locations (SAV) 0 0 Manage Recommend
POAM-00247 CSI Prep Deliverable: Final Logistics 0 0 Manage Recommend
POAM-00248 CSI Prep Deliverable: Final Logistics Meeting 0 0 Manage Recommend
POAM-00250 CSI Prep Deliverable: Reserve In brief and Out brief Locations 0 0 Manage Recommend
POAM-00251 CSI Prep Deliverable: Final Logistics 0 0 Manage Recommend
POAM-00252 CSI Prep Deliverable: Final Scoping/ Logistics Meeting 0 0 Manage Recommend
CUI