POAM-00244
CSI Prep Deliverable: Internal Scoping Meeting
Assigned Team Lead will conduct a scoping meeting with assigned reviewers....
Recommended NIST Controls
Based on keyword analysis of POA&M description
| Control | Title | Family | Action |
|---|---|---|---|
| No recommendations available (ingest NIST controls first) | | | |
Recommended STIG Rules
Based on keyword analysis of POA&M description
| Vuln ID | Title | Severity | Action |
|---|---|---|---|
| V-224820 | Passwords for the built-in Administrator account must be changed at least every 60 days. | CAT II | |
| V-224822 | Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | CAT II | |
| V-224828 | Systems must be maintained at a supported servicing level. | CAT I | |
| V-224829 | The Windows Server 2016 system must use an anti-virus program. | CAT I | |
| V-224844 | Protection methods such as TLS, encrypted VPNs, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. | CAT II | |
| V-224847 | Windows Server 2016 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP). | CAT II | |
| V-224860 | FTP servers must be configured to prevent anonymous logons. | CAT II | |
| V-224864 | Secure Boot must be enabled on Windows Server 2016 systems. | CAT III | |
| V-224865 | Windows 2016 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode, not Legacy BIOS. | CAT III | |
| V-224866 | Windows 2016 account lockout duration must be configured to 15 minutes or greater. | CAT II | |