| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-224819 | CAT I | MONT-VSF-004 | Microsoft Windows Server 2016 Security T... | Users with Administrative privileges must have sep... | Documented Pending Review | |||
Check TextVerify each user with administrative privileges has been assigned a unique administrative account separate from their standard user account. If users with administrative privileges do not have separate accounts for administrative functions and standard user functions, this is a finding. Fix TextEnsure each user with administrative privileges has a separate account for user duties and one for privileged duties.
Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_WinServer2016_V2R10_20251023-143909.ckl
Scan Date: 2026-01-14T12:57:30.046447
Technology Area: Windows Operating System
|
||||||||
| V-224819 | CAT I | MONT-VSF-003 | Microsoft Windows Server 2016 Security T... | Users with Administrative privileges must have sep... | Documented Pending Review | |||
Check TextVerify each user with administrative privileges has been assigned a unique administrative account separate from their standard user account. If users with administrative privileges do not have separate accounts for administrative functions and standard user functions, this is a finding. Fix TextEnsure each user with administrative privileges has a separate account for user duties and one for privileged duties.
Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_WinServer2016_V2R10_20251023-143935.ckl
Scan Date: 2026-01-14T12:57:31.534241
Technology Area: Windows Operating System
|
||||||||
| V-224819 | CAT I | MONT-MB-002 | Microsoft Windows Server 2016 Security T... | Users with Administrative privileges must have sep... | Documented Pending Review | |||
Check TextVerify each user with administrative privileges has been assigned a unique administrative account separate from their standard user account. If users with administrative privileges do not have separate accounts for administrative functions and standard user functions, this is a finding. Fix TextEnsure each user with administrative privileges has a separate account for user duties and one for privileged duties.
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_WinServer2016_V2R10_20251023-152736.ckl
Scan Date: 2026-01-14T12:57:33.842838
Technology Area: Windows Operating System
|
||||||||
| V-224819 | CAT I | MONT-DP-001 | Microsoft Windows Server 2016 Security T... | Users with Administrative privileges must have sep... | Documented Pending Review | |||
Check TextVerify each user with administrative privileges has been assigned a unique administrative account separate from their standard user account. If users with administrative privileges do not have separate accounts for administrative functions and standard user functions, this is a finding. Fix TextEnsure each user with administrative privileges has a separate account for user duties and one for privileged duties.
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_WinServer2016_V2R10_20251023-144106.ckl
Scan Date: 2026-01-14T12:57:35.637816
Technology Area: Windows Operating System
|
||||||||
| V-224819 | CAT I | MONT-DC-003 | Microsoft Windows Server 2016 Security T... | Users with Administrative privileges must have sep... | Documented Pending Review | |||
Check TextVerify each user with administrative privileges has been assigned a unique administrative account separate from their standard user account. If users with administrative privileges do not have separate accounts for administrative functions and standard user functions, this is a finding. Fix TextEnsure each user with administrative privileges has a separate account for user duties and one for privileged duties.
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServer2016_V2R10_20251023-172220.ckl
Scan Date: 2026-01-14T12:57:37.248886
Technology Area: Windows Operating System
|
||||||||
| V-224819 | CAT I | MONT-DB-002 | Microsoft Windows Server 2016 Security T... | Users with Administrative privileges must have sep... | Documented Pending Review | |||
Check TextVerify each user with administrative privileges has been assigned a unique administrative account separate from their standard user account. If users with administrative privileges do not have separate accounts for administrative functions and standard user functions, this is a finding. Fix TextEnsure each user with administrative privileges has a separate account for user duties and one for privileged duties.
Source: _Reviewed/MONT-DB-002/Checklist/MONT-DB-002_WinServer2016_V2R10_20251023-144132.ckl
Scan Date: 2026-01-14T12:57:39.082634
Technology Area: Windows Operating System
|
||||||||
| V-224819 | CAT I | MONT-BE-002 | Microsoft Windows Server 2016 Security T... | Users with Administrative privileges must have sep... | Documented Pending Review | |||
Check TextVerify each user with administrative privileges has been assigned a unique administrative account separate from their standard user account. If users with administrative privileges do not have separate accounts for administrative functions and standard user functions, this is a finding. Fix TextEnsure each user with administrative privileges has a separate account for user duties and one for privileged duties.
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_WinServer2016_V2R10_20251023-143943.ckl
Scan Date: 2026-01-14T12:57:41.363810
Technology Area: Windows Operating System
|
||||||||
| V-224819 | CAT I | MONT-AP-002 | Microsoft Windows Server 2016 Security T... | Users with Administrative privileges must have sep... | Documented Pending Review | |||
Check TextVerify each user with administrative privileges has been assigned a unique administrative account separate from their standard user account. If users with administrative privileges do not have separate accounts for administrative functions and standard user functions, this is a finding. Fix TextEnsure each user with administrative privileges has a separate account for user duties and one for privileged duties.
Source: _Reviewed/MONT-AP-002/Checklist/MONT-AP-002_WinServer2016_V2R10_20251023-144214.ckl
Scan Date: 2026-01-14T12:57:42.721079
Technology Area: Windows Operating System
|
||||||||
| V-224821 | CAT I | MONT-VSF-004 | Microsoft Windows Server 2016 Security T... | Administrative accounts must not be used with appl... | Documented Pending Review | |||
Check TextDetermine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration. If it does not, this is a finding. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement. Fix TextEstablish a policy, at minimum, to prohibit administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Ensure the policy is enforced. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.
Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_WinServer2016_V2R10_20251023-143909.ckl
Scan Date: 2026-01-14T12:57:30.046447
Technology Area: Windows Operating System
|
||||||||
| V-224821 | CAT I | MONT-VSF-003 | Microsoft Windows Server 2016 Security T... | Administrative accounts must not be used with appl... | Documented Pending Review | |||
Check TextDetermine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration. If it does not, this is a finding. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement. Fix TextEstablish a policy, at minimum, to prohibit administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Ensure the policy is enforced. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.
Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_WinServer2016_V2R10_20251023-143935.ckl
Scan Date: 2026-01-14T12:57:31.534241
Technology Area: Windows Operating System
|
||||||||
| V-224821 | CAT I | MONT-MB-002 | Microsoft Windows Server 2016 Security T... | Administrative accounts must not be used with appl... | Documented Pending Review | |||
Check TextDetermine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration. If it does not, this is a finding. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement. Fix TextEstablish a policy, at minimum, to prohibit administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Ensure the policy is enforced. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_WinServer2016_V2R10_20251023-152736.ckl
Scan Date: 2026-01-14T12:57:33.842838
Technology Area: Windows Operating System
|
||||||||
| V-224821 | CAT I | MONT-DP-001 | Microsoft Windows Server 2016 Security T... | Administrative accounts must not be used with appl... | Documented Pending Review | |||
Check TextDetermine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration. If it does not, this is a finding. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement. Fix TextEstablish a policy, at minimum, to prohibit administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Ensure the policy is enforced. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_WinServer2016_V2R10_20251023-144106.ckl
Scan Date: 2026-01-14T12:57:35.637816
Technology Area: Windows Operating System
|
||||||||
| V-224821 | CAT I | MONT-DC-003 | Microsoft Windows Server 2016 Security T... | Administrative accounts must not be used with appl... | Documented Pending Review | |||
Check TextDetermine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration. If it does not, this is a finding. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement. Fix TextEstablish a policy, at minimum, to prohibit administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Ensure the policy is enforced. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServer2016_V2R10_20251023-172220.ckl
Scan Date: 2026-01-14T12:57:37.248886
Technology Area: Windows Operating System
|
||||||||
| V-224821 | CAT I | MONT-DB-002 | Microsoft Windows Server 2016 Security T... | Administrative accounts must not be used with appl... | Documented Pending Review | |||
Check TextDetermine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration. If it does not, this is a finding. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement. Fix TextEstablish a policy, at minimum, to prohibit administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Ensure the policy is enforced. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.
Source: _Reviewed/MONT-DB-002/Checklist/MONT-DB-002_WinServer2016_V2R10_20251023-144132.ckl
Scan Date: 2026-01-14T12:57:39.082634
Technology Area: Windows Operating System
|
||||||||
| V-224821 | CAT I | MONT-BE-002 | Microsoft Windows Server 2016 Security T... | Administrative accounts must not be used with appl... | Documented Pending Review | |||
Check TextDetermine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration. If it does not, this is a finding. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement. Fix TextEstablish a policy, at minimum, to prohibit administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Ensure the policy is enforced. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_WinServer2016_V2R10_20251023-143943.ckl
Scan Date: 2026-01-14T12:57:41.363810
Technology Area: Windows Operating System
|
||||||||
| V-224821 | CAT I | MONT-AP-002 | Microsoft Windows Server 2016 Security T... | Administrative accounts must not be used with appl... | Documented Pending Review | |||
Check TextDetermine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration. If it does not, this is a finding. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement. Fix TextEstablish a policy, at minimum, to prohibit administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Ensure the policy is enforced. The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.
Source: _Reviewed/MONT-AP-002/Checklist/MONT-AP-002_WinServer2016_V2R10_20251023-144214.ckl
Scan Date: 2026-01-14T12:57:42.721079
Technology Area: Windows Operating System
|
||||||||
| V-224828 | CAT I | MONT-VSF-004 | Microsoft Windows Server 2016 Security T... | Systems must be maintained at a supported servicin... | - | |||
Check TextThis STIG is sunset and no longer maintained. Open "Command Prompt". Enter "winver.exe". If the "About Windows" dialog box displays "Microsoft Windows Server Version 1607 (Build 14393.xxx)" and there is not documented extended support for Microsoft Windows Server 2016, this is a finding. Fix TextUpgrade the operating system to a supported version. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 7BEF854B89F42EC500A0B759D80C9F3FAE4D1E65 ~~~~~ Operating system is 'Windows Server 2016 Datacenter 1607' (10.0.14393) End of Support Date: Jan 12, 2027 End of Support Link: https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2016
Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_WinServer2016_V2R10_20251023-143909.ckl
Scan Date: 2026-01-14T12:57:30.046447
Technology Area: Windows Operating System
|
||||||||
| V-224828 | CAT I | MONT-VSF-003 | Microsoft Windows Server 2016 Security T... | Systems must be maintained at a supported servicin... | - | |||
Check TextThis STIG is sunset and no longer maintained. Open "Command Prompt". Enter "winver.exe". If the "About Windows" dialog box displays "Microsoft Windows Server Version 1607 (Build 14393.xxx)" and there is not documented extended support for Microsoft Windows Server 2016, this is a finding. Fix TextUpgrade the operating system to a supported version. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 7BEF854B89F42EC500A0B759D80C9F3FAE4D1E65 ~~~~~ Operating system is 'Windows Server 2016 Datacenter 1607' (10.0.14393) End of Support Date: Jan 12, 2027 End of Support Link: https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2016
Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_WinServer2016_V2R10_20251023-143935.ckl
Scan Date: 2026-01-14T12:57:31.534241
Technology Area: Windows Operating System
|
||||||||
| V-224828 | CAT I | MONT-MB-002 | Microsoft Windows Server 2016 Security T... | Systems must be maintained at a supported servicin... | - | |||
Check TextThis STIG is sunset and no longer maintained. Open "Command Prompt". Enter "winver.exe". If the "About Windows" dialog box displays "Microsoft Windows Server Version 1607 (Build 14393.xxx)" and there is not documented extended support for Microsoft Windows Server 2016, this is a finding. Fix TextUpgrade the operating system to a supported version. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: B6AC25614EB7418F4A5ED5C1A135A4467FB661C5 ~~~~~ Operating system is 'Windows Server 2016 Standard 1607' (10.0.14393) End of Support Date: Jan 12, 2027 End of Support Link: https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2016
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_WinServer2016_V2R10_20251023-152736.ckl
Scan Date: 2026-01-14T12:57:33.842838
Technology Area: Windows Operating System
|
||||||||
| V-224828 | CAT I | MONT-DP-001 | Microsoft Windows Server 2016 Security T... | Systems must be maintained at a supported servicin... | - | |||
Check TextThis STIG is sunset and no longer maintained. Open "Command Prompt". Enter "winver.exe". If the "About Windows" dialog box displays "Microsoft Windows Server Version 1607 (Build 14393.xxx)" and there is not documented extended support for Microsoft Windows Server 2016, this is a finding. Fix TextUpgrade the operating system to a supported version. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: B6AC25614EB7418F4A5ED5C1A135A4467FB661C5 ~~~~~ Operating system is 'Windows Server 2016 Standard 1607' (10.0.14393) End of Support Date: Jan 12, 2027 End of Support Link: https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2016
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_WinServer2016_V2R10_20251023-144106.ckl
Scan Date: 2026-01-14T12:57:35.637816
Technology Area: Windows Operating System
|
||||||||
| V-224828 | CAT I | MONT-DC-003 | Microsoft Windows Server 2016 Security T... | Systems must be maintained at a supported servicin... | - | |||
Check TextThis STIG is sunset and no longer maintained. Open "Command Prompt". Enter "winver.exe". If the "About Windows" dialog box displays "Microsoft Windows Server Version 1607 (Build 14393.xxx)" and there is not documented extended support for Microsoft Windows Server 2016, this is a finding. Fix TextUpgrade the operating system to a supported version. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: B6AC25614EB7418F4A5ED5C1A135A4467FB661C5 ~~~~~ Operating system is 'Windows Server 2016 Standard 1607' (10.0.14393) End of Support Date: Jan 12, 2027 End of Support Link: https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2016
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServer2016_V2R10_20251023-172220.ckl
Scan Date: 2026-01-14T12:57:37.248886
Technology Area: Windows Operating System
|
||||||||
| V-224828 | CAT I | MONT-DB-002 | Microsoft Windows Server 2016 Security T... | Systems must be maintained at a supported servicin... | - | |||
Check TextThis STIG is sunset and no longer maintained. Open "Command Prompt". Enter "winver.exe". If the "About Windows" dialog box displays "Microsoft Windows Server Version 1607 (Build 14393.xxx)" and there is not documented extended support for Microsoft Windows Server 2016, this is a finding. Fix TextUpgrade the operating system to a supported version. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: B6AC25614EB7418F4A5ED5C1A135A4467FB661C5 ~~~~~ Operating system is 'Windows Server 2016 Standard 1607' (10.0.14393) End of Support Date: Jan 12, 2027 End of Support Link: https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2016
Source: _Reviewed/MONT-DB-002/Checklist/MONT-DB-002_WinServer2016_V2R10_20251023-144132.ckl
Scan Date: 2026-01-14T12:57:39.082634
Technology Area: Windows Operating System
|
||||||||
| V-224828 | CAT I | MONT-BE-002 | Microsoft Windows Server 2016 Security T... | Systems must be maintained at a supported servicin... | - | |||
Check TextThis STIG is sunset and no longer maintained. Open "Command Prompt". Enter "winver.exe". If the "About Windows" dialog box displays "Microsoft Windows Server Version 1607 (Build 14393.xxx)" and there is not documented extended support for Microsoft Windows Server 2016, this is a finding. Fix TextUpgrade the operating system to a supported version. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: B6AC25614EB7418F4A5ED5C1A135A4467FB661C5 ~~~~~ Operating system is 'Windows Server 2016 Standard 1607' (10.0.14393) End of Support Date: Jan 12, 2027 End of Support Link: https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2016
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_WinServer2016_V2R10_20251023-143943.ckl
Scan Date: 2026-01-14T12:57:41.363810
Technology Area: Windows Operating System
|
||||||||
| V-224828 | CAT I | MONT-AP-002 | Microsoft Windows Server 2016 Security T... | Systems must be maintained at a supported servicin... | - | |||
Check TextThis STIG is sunset and no longer maintained. Open "Command Prompt". Enter "winver.exe". If the "About Windows" dialog box displays "Microsoft Windows Server Version 1607 (Build 14393.xxx)" and there is not documented extended support for Microsoft Windows Server 2016, this is a finding. Fix TextUpgrade the operating system to a supported version. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: B6AC25614EB7418F4A5ED5C1A135A4467FB661C5 ~~~~~ Operating system is 'Windows Server 2016 Standard 1607' (10.0.14393) End of Support Date: Jan 12, 2027 End of Support Link: https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2016
Source: _Reviewed/MONT-AP-002/Checklist/MONT-AP-002_WinServer2016_V2R10_20251023-144214.ckl
Scan Date: 2026-01-14T12:57:42.721079
Technology Area: Windows Operating System
|
||||||||
| V-224829 | CAT I | MONT-VSF-004 | Microsoft Windows Server 2016 Security T... | The Windows Server 2016 system must use an anti-vi... | - | |||
Check TextVerify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution. If there is no anti-virus solution installed on the system, this is a finding. Verify if Windows Defender is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName” Verify if third-party anti-virus is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName” Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName” Fix TextIf no anti-virus software is in use, install Windows Defender or third-party anti-virus. Open "PowerShell". Enter "Install-WindowsFeature -Name Windows-Defender” For third-party anti-virus, install per anti-virus instructions and disable Windows Defender. Open "PowerShell". Enter “Uninstall-WindowsFeature -Name Windows-Defender”. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 265FFF3B14F0922A007BF8136F3FA18973CFB244 ~~~~~ Windows Defender Antivirus is NOT installed. Feature: Windows-Defender State: Disabled
Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_WinServer2016_V2R10_20251023-143909.ckl
Scan Date: 2026-01-14T12:57:30.046447
Technology Area: Windows Operating System
|
||||||||
| V-224829 | CAT I | MONT-VSF-003 | Microsoft Windows Server 2016 Security T... | The Windows Server 2016 system must use an anti-vi... | - | |||
Check TextVerify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution. If there is no anti-virus solution installed on the system, this is a finding. Verify if Windows Defender is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName” Verify if third-party anti-virus is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName” Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName” Fix TextIf no anti-virus software is in use, install Windows Defender or third-party anti-virus. Open "PowerShell". Enter "Install-WindowsFeature -Name Windows-Defender” For third-party anti-virus, install per anti-virus instructions and disable Windows Defender. Open "PowerShell". Enter “Uninstall-WindowsFeature -Name Windows-Defender”. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 265FFF3B14F0922A007BF8136F3FA18973CFB244 ~~~~~ Windows Defender Antivirus is NOT installed. Feature: Windows-Defender State: Disabled
Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_WinServer2016_V2R10_20251023-143935.ckl
Scan Date: 2026-01-14T12:57:31.534241
Technology Area: Windows Operating System
|
||||||||
| V-224829 | CAT I | MONT-MB-002 | Microsoft Windows Server 2016 Security T... | The Windows Server 2016 system must use an anti-vi... | - | |||
Check TextVerify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution. If there is no anti-virus solution installed on the system, this is a finding. Verify if Windows Defender is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName” Verify if third-party anti-virus is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName” Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName” Fix TextIf no anti-virus software is in use, install Windows Defender or third-party anti-virus. Open "PowerShell". Enter "Install-WindowsFeature -Name Windows-Defender” For third-party anti-virus, install per anti-virus instructions and disable Windows Defender. Open "PowerShell". Enter “Uninstall-WindowsFeature -Name Windows-Defender”. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 265FFF3B14F0922A007BF8136F3FA18973CFB244 ~~~~~ Windows Defender Antivirus is NOT installed. Feature: Windows-Defender State: Disabled
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_WinServer2016_V2R10_20251023-152736.ckl
Scan Date: 2026-01-14T12:57:33.842838
Technology Area: Windows Operating System
|
||||||||
| V-224829 | CAT I | MONT-DP-001 | Microsoft Windows Server 2016 Security T... | The Windows Server 2016 system must use an anti-vi... | - | |||
Check TextVerify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution. If there is no anti-virus solution installed on the system, this is a finding. Verify if Windows Defender is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName” Verify if third-party anti-virus is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName” Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName” Fix TextIf no anti-virus software is in use, install Windows Defender or third-party anti-virus. Open "PowerShell". Enter "Install-WindowsFeature -Name Windows-Defender” For third-party anti-virus, install per anti-virus instructions and disable Windows Defender. Open "PowerShell". Enter “Uninstall-WindowsFeature -Name Windows-Defender”. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 265FFF3B14F0922A007BF8136F3FA18973CFB244 ~~~~~ Windows Defender Antivirus is NOT installed. Feature: Windows-Defender State: Disabled
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_WinServer2016_V2R10_20251023-144106.ckl
Scan Date: 2026-01-14T12:57:35.637816
Technology Area: Windows Operating System
|
||||||||
| V-224829 | CAT I | MONT-DC-003 | Microsoft Windows Server 2016 Security T... | The Windows Server 2016 system must use an anti-vi... | - | |||
Check TextVerify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution. If there is no anti-virus solution installed on the system, this is a finding. Verify if Windows Defender is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName” Verify if third-party anti-virus is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName” Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName” Fix TextIf no anti-virus software is in use, install Windows Defender or third-party anti-virus. Open "PowerShell". Enter "Install-WindowsFeature -Name Windows-Defender” For third-party anti-virus, install per anti-virus instructions and disable Windows Defender. Open "PowerShell". Enter “Uninstall-WindowsFeature -Name Windows-Defender”. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 265FFF3B14F0922A007BF8136F3FA18973CFB244 ~~~~~ Windows Defender Antivirus is NOT installed. Feature: Windows-Defender State: Disabled
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServer2016_V2R10_20251023-172220.ckl
Scan Date: 2026-01-14T12:57:37.248886
Technology Area: Windows Operating System
|
||||||||
| V-224829 | CAT I | MONT-DB-002 | Microsoft Windows Server 2016 Security T... | The Windows Server 2016 system must use an anti-vi... | - | |||
Check TextVerify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution. If there is no anti-virus solution installed on the system, this is a finding. Verify if Windows Defender is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName” Verify if third-party anti-virus is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName” Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName” Fix TextIf no anti-virus software is in use, install Windows Defender or third-party anti-virus. Open "PowerShell". Enter "Install-WindowsFeature -Name Windows-Defender” For third-party anti-virus, install per anti-virus instructions and disable Windows Defender. Open "PowerShell". Enter “Uninstall-WindowsFeature -Name Windows-Defender”. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 265FFF3B14F0922A007BF8136F3FA18973CFB244 ~~~~~ Windows Defender Antivirus is NOT installed. Feature: Windows-Defender State: Disabled
Source: _Reviewed/MONT-DB-002/Checklist/MONT-DB-002_WinServer2016_V2R10_20251023-144132.ckl
Scan Date: 2026-01-14T12:57:39.082634
Technology Area: Windows Operating System
|
||||||||
| V-224829 | CAT I | MONT-BE-002 | Microsoft Windows Server 2016 Security T... | The Windows Server 2016 system must use an anti-vi... | - | |||
Check TextVerify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution. If there is no anti-virus solution installed on the system, this is a finding. Verify if Windows Defender is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName” Verify if third-party anti-virus is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName” Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName” Fix TextIf no anti-virus software is in use, install Windows Defender or third-party anti-virus. Open "PowerShell". Enter "Install-WindowsFeature -Name Windows-Defender” For third-party anti-virus, install per anti-virus instructions and disable Windows Defender. Open "PowerShell". Enter “Uninstall-WindowsFeature -Name Windows-Defender”. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 265FFF3B14F0922A007BF8136F3FA18973CFB244 ~~~~~ Windows Defender Antivirus is NOT installed. Feature: Windows-Defender State: Disabled
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_WinServer2016_V2R10_20251023-143943.ckl
Scan Date: 2026-01-14T12:57:41.363810
Technology Area: Windows Operating System
|
||||||||
| V-224829 | CAT I | MONT-AP-002 | Microsoft Windows Server 2016 Security T... | The Windows Server 2016 system must use an anti-vi... | - | |||
Check TextVerify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution. If there is no anti-virus solution installed on the system, this is a finding. Verify if Windows Defender is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName” Verify if third-party anti-virus is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName” Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName” Fix TextIf no anti-virus software is in use, install Windows Defender or third-party anti-virus. Open "PowerShell". Enter "Install-WindowsFeature -Name Windows-Defender” For third-party anti-virus, install per anti-virus instructions and disable Windows Defender. Open "PowerShell". Enter “Uninstall-WindowsFeature -Name Windows-Defender”. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 265FFF3B14F0922A007BF8136F3FA18973CFB244 ~~~~~ Windows Defender Antivirus is NOT installed. Feature: Windows-Defender State: Disabled
Source: _Reviewed/MONT-AP-002/Checklist/MONT-AP-002_WinServer2016_V2R10_20251023-144214.ckl
Scan Date: 2026-01-14T12:57:42.721079
Technology Area: Windows Operating System
|
||||||||
| V-224831 | CAT I | MONT-VSF-004 | Microsoft Windows Server 2016 Security T... | Local volumes must use a format that supports NTFS... | - | |||
Check TextOpen "Computer Management". Select "Disk Management" under "Storage". For each local volume, if the file system does not indicate "NTFS", this is a finding. "ReFS" (resilient file system) is also acceptable and would not be a finding. This does not apply to system partitions such the Recovery and EFI System Partition. Fix TextFormat volumes to use NTFS or ReFS. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 5CA0759465086F9D66DF595519D98FCAA4B739D2 ~~~~~ All disk file systems are NTFS or ReFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: Windows File System: NTFS Device ID: E: Drive Type: Local Disk (3) Volume Name: VMs File System: NTFS
Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_WinServer2016_V2R10_20251023-143909.ckl
Scan Date: 2026-01-14T12:57:30.046447
Technology Area: Windows Operating System
|
||||||||
| V-224831 | CAT I | MONT-VSF-003 | Microsoft Windows Server 2016 Security T... | Local volumes must use a format that supports NTFS... | - | |||
Check TextOpen "Computer Management". Select "Disk Management" under "Storage". For each local volume, if the file system does not indicate "NTFS", this is a finding. "ReFS" (resilient file system) is also acceptable and would not be a finding. This does not apply to system partitions such the Recovery and EFI System Partition. Fix TextFormat volumes to use NTFS or ReFS. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 5CA0759465086F9D66DF595519D98FCAA4B739D2 ~~~~~ All disk file systems are NTFS or ReFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: Windows File System: NTFS Device ID: E: Drive Type: Local Disk (3) Volume Name: VMs File System: NTFS
Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_WinServer2016_V2R10_20251023-143935.ckl
Scan Date: 2026-01-14T12:57:31.534241
Technology Area: Windows Operating System
|
||||||||
| V-224831 | CAT I | MONT-MB-002 | Microsoft Windows Server 2016 Security T... | Local volumes must use a format that supports NTFS... | - | |||
Check TextOpen "Computer Management". Select "Disk Management" under "Storage". For each local volume, if the file system does not indicate "NTFS", this is a finding. "ReFS" (resilient file system) is also acceptable and would not be a finding. This does not apply to system partitions such the Recovery and EFI System Partition. Fix TextFormat volumes to use NTFS or ReFS. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 94622EDF56DD29A3ACA656BF9588E97EB7B69BA3 ~~~~~ All disk file systems are NTFS or ReFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: MB-002-OS File System: NTFS Device ID: D: Drive Type: Local Disk (3) Volume Name: PROGLOGS File System: NTFS Device ID: E: Drive Type: Local Disk (3) Volume Name: Exchange File System: NTFS Device ID: M: Drive Type: Local Disk (3) Volume Name: Mailbox File System: NTFS
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_WinServer2016_V2R10_20251023-152736.ckl
Scan Date: 2026-01-14T12:57:33.842838
Technology Area: Windows Operating System
|
||||||||
| V-224831 | CAT I | MONT-DP-001 | Microsoft Windows Server 2016 Security T... | Local volumes must use a format that supports NTFS... | - | |||
Check TextOpen "Computer Management". Select "Disk Management" under "Storage". For each local volume, if the file system does not indicate "NTFS", this is a finding. "ReFS" (resilient file system) is also acceptable and would not be a finding. This does not apply to system partitions such the Recovery and EFI System Partition. Fix TextFormat volumes to use NTFS or ReFS. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AE8384DF4A6DF1101B40668690E53B482CFFDD59 ~~~~~ All disk file systems are NTFS or ReFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: Windows File System: NTFS Device ID: E: Drive Type: Local Disk (3) Volume Name: New Volume File System: NTFS
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_WinServer2016_V2R10_20251023-144106.ckl
Scan Date: 2026-01-14T12:57:35.637816
Technology Area: Windows Operating System
|
||||||||
| V-224831 | CAT I | MONT-DC-003 | Microsoft Windows Server 2016 Security T... | Local volumes must use a format that supports NTFS... | - | |||
Check TextOpen "Computer Management". Select "Disk Management" under "Storage". For each local volume, if the file system does not indicate "NTFS", this is a finding. "ReFS" (resilient file system) is also acceptable and would not be a finding. This does not apply to system partitions such the Recovery and EFI System Partition. Fix TextFormat volumes to use NTFS or ReFS. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 970CB0CF367610B48D3175A7F6732146B363AA1D ~~~~~ All disk file systems are NTFS or ReFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: DC-003-OS File System: NTFS Device ID: D: Drive Type: Local Disk (3) Volume Name: PROGLOGS File System: NTFS Device ID: E: Drive Type: Local Disk (3) Volume Name: AD-SYSVOL File System: NTFS
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServer2016_V2R10_20251023-172220.ckl
Scan Date: 2026-01-14T12:57:37.248886
Technology Area: Windows Operating System
|
||||||||
| V-224831 | CAT I | MONT-DB-002 | Microsoft Windows Server 2016 Security T... | Local volumes must use a format that supports NTFS... | - | |||
Check TextOpen "Computer Management". Select "Disk Management" under "Storage". For each local volume, if the file system does not indicate "NTFS", this is a finding. "ReFS" (resilient file system) is also acceptable and would not be a finding. This does not apply to system partitions such the Recovery and EFI System Partition. Fix TextFormat volumes to use NTFS or ReFS. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 27E3EFED84E2366F9C7E05423896CE7B66B7D30A ~~~~~ All disk file systems are NTFS or ReFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: DB-002-OS File System: NTFS Device ID: D: Drive Type: Local Disk (3) Volume Name: PROGLOGS File System: NTFS Device ID: E: Drive Type: Local Disk (3) Volume Name: DATA File System: NTFS Device ID: G: Drive Type: Local Disk (3) Volume Name: LogiQuest File System: NTFS Device ID: O: Drive Type: Local Disk (3) Volume Name: IBS File System: NTFS
Source: _Reviewed/MONT-DB-002/Checklist/MONT-DB-002_WinServer2016_V2R10_20251023-144132.ckl
Scan Date: 2026-01-14T12:57:39.082634
Technology Area: Windows Operating System
|
||||||||
| V-224831 | CAT I | MONT-BE-002 | Microsoft Windows Server 2016 Security T... | Local volumes must use a format that supports NTFS... | - | |||
Check TextOpen "Computer Management". Select "Disk Management" under "Storage". For each local volume, if the file system does not indicate "NTFS", this is a finding. "ReFS" (resilient file system) is also acceptable and would not be a finding. This does not apply to system partitions such the Recovery and EFI System Partition. Fix TextFormat volumes to use NTFS or ReFS. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 12939B13563B98C1C0E9CF7E99396A1849389DE8 ~~~~~ All disk file systems are NTFS or ReFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: BE-002-OS File System: NTFS Device ID: D: Drive Type: Local Disk (3) Volume Name: PROGLOGS File System: NTFS
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_WinServer2016_V2R10_20251023-143943.ckl
Scan Date: 2026-01-14T12:57:41.363810
Technology Area: Windows Operating System
|
||||||||
| V-224831 | CAT I | MONT-AP-002 | Microsoft Windows Server 2016 Security T... | Local volumes must use a format that supports NTFS... | - | |||
Check TextOpen "Computer Management". Select "Disk Management" under "Storage". For each local volume, if the file system does not indicate "NTFS", this is a finding. "ReFS" (resilient file system) is also acceptable and would not be a finding. This does not apply to system partitions such the Recovery and EFI System Partition. Fix TextFormat volumes to use NTFS or ReFS. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 23FFCAA6C6211240C05DB0BA16F53867DB70E6FF ~~~~~ All disk file systems are NTFS or ReFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: Windows File System: NTFS Device ID: D: Drive Type: Local Disk (3) Volume Name: PROGLOGS File System: NTFS Device ID: E: Drive Type: Local Disk (3) Volume Name: DATA File System: NTFS
Source: _Reviewed/MONT-AP-002/Checklist/MONT-AP-002_WinServer2016_V2R10_20251023-144214.ckl
Scan Date: 2026-01-14T12:57:42.721079
Technology Area: Windows Operating System
|
||||||||
| V-224843 | CAT I | MONT-VSF-004 | Microsoft Windows Server 2016 Security T... | Systems requiring data at rest protections must em... | - | |||
Check TextVerify systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data employ encryption to protect the confidentiality and integrity of all information at rest. If they do not, this is a finding. Fix TextConfigure systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data to employ encryption to protect the confidentiality and integrity of all information at rest.
Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_WinServer2016_V2R10_20251023-143909.ckl
Scan Date: 2026-01-14T12:57:30.046447
Technology Area: Windows Operating System
|
||||||||
| V-224843 | CAT I | MONT-VSF-003 | Microsoft Windows Server 2016 Security T... | Systems requiring data at rest protections must em... | - | |||
Check TextVerify systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data employ encryption to protect the confidentiality and integrity of all information at rest. If they do not, this is a finding. Fix TextConfigure systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data to employ encryption to protect the confidentiality and integrity of all information at rest.
Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_WinServer2016_V2R10_20251023-143935.ckl
Scan Date: 2026-01-14T12:57:31.534241
Technology Area: Windows Operating System
|
||||||||
| V-224843 | CAT I | MONT-MB-002 | Microsoft Windows Server 2016 Security T... | Systems requiring data at rest protections must em... | - | |||
Check TextVerify systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data employ encryption to protect the confidentiality and integrity of all information at rest. If they do not, this is a finding. Fix TextConfigure systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data to employ encryption to protect the confidentiality and integrity of all information at rest.
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_WinServer2016_V2R10_20251023-152736.ckl
Scan Date: 2026-01-14T12:57:33.842838
Technology Area: Windows Operating System
|
||||||||
| V-224843 | CAT I | MONT-DP-001 | Microsoft Windows Server 2016 Security T... | Systems requiring data at rest protections must em... | - | |||
Check TextVerify systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data employ encryption to protect the confidentiality and integrity of all information at rest. If they do not, this is a finding. Fix TextConfigure systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data to employ encryption to protect the confidentiality and integrity of all information at rest.
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_WinServer2016_V2R10_20251023-144106.ckl
Scan Date: 2026-01-14T12:57:35.637816
Technology Area: Windows Operating System
|
||||||||
| V-224843 | CAT I | MONT-DC-003 | Microsoft Windows Server 2016 Security T... | Systems requiring data at rest protections must em... | - | |||
Check TextVerify systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data employ encryption to protect the confidentiality and integrity of all information at rest. If they do not, this is a finding. Fix TextConfigure systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data to employ encryption to protect the confidentiality and integrity of all information at rest.
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServer2016_V2R10_20251023-172220.ckl
Scan Date: 2026-01-14T12:57:37.248886
Technology Area: Windows Operating System
|
||||||||
| V-224843 | CAT I | MONT-DB-002 | Microsoft Windows Server 2016 Security T... | Systems requiring data at rest protections must em... | - | |||
Check TextVerify systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data employ encryption to protect the confidentiality and integrity of all information at rest. If they do not, this is a finding. Fix TextConfigure systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data to employ encryption to protect the confidentiality and integrity of all information at rest.
Source: _Reviewed/MONT-DB-002/Checklist/MONT-DB-002_WinServer2016_V2R10_20251023-144132.ckl
Scan Date: 2026-01-14T12:57:39.082634
Technology Area: Windows Operating System
|
||||||||
| V-224843 | CAT I | MONT-BE-002 | Microsoft Windows Server 2016 Security T... | Systems requiring data at rest protections must em... | - | |||
Check TextVerify systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data employ encryption to protect the confidentiality and integrity of all information at rest. If they do not, this is a finding. Fix TextConfigure systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data to employ encryption to protect the confidentiality and integrity of all information at rest.
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_WinServer2016_V2R10_20251023-143943.ckl
Scan Date: 2026-01-14T12:57:41.363810
Technology Area: Windows Operating System
|
||||||||
| V-224843 | CAT I | MONT-AP-002 | Microsoft Windows Server 2016 Security T... | Systems requiring data at rest protections must em... | - | |||
Check TextVerify systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data employ encryption to protect the confidentiality and integrity of all information at rest. If they do not, this is a finding. Fix TextConfigure systems that require additional protections due to factors such as inadequate physical protection or sensitivity of the data to employ encryption to protect the confidentiality and integrity of all information at rest.
Source: _Reviewed/MONT-AP-002/Checklist/MONT-AP-002_WinServer2016_V2R10_20251023-144214.ckl
Scan Date: 2026-01-14T12:57:42.721079
Technology Area: Windows Operating System
|
||||||||
| V-224874 | CAT I | MONT-VSF-004 | Microsoft Windows Server 2016 Security T... | Windows Server 2016 reversible password encryption... | - | |||
Check TextVerify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy. If the value for "Store passwords using reversible encryption" is not set to "Disabled", this is a finding. For server core installations, run the following command: Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt If "ClearTextPassword" equals "1" in the file, this is a finding. Fix TextConfigure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> "Store passwords using reversible encryption" to "Disabled". Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0C3874C178BF034376FC830F77095A4B14233118 ~~~~~ 'Store passwords using reversible encryption' is Disabled ClearTextPassword: 0
Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_WinServer2016_V2R10_20251023-143909.ckl
Scan Date: 2026-01-14T12:57:30.046447
Technology Area: Windows Operating System
|
||||||||
| V-224874 | CAT I | MONT-VSF-003 | Microsoft Windows Server 2016 Security T... | Windows Server 2016 reversible password encryption... | - | |||
Check TextVerify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy. If the value for "Store passwords using reversible encryption" is not set to "Disabled", this is a finding. For server core installations, run the following command: Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt If "ClearTextPassword" equals "1" in the file, this is a finding. Fix TextConfigure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> "Store passwords using reversible encryption" to "Disabled". Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0C3874C178BF034376FC830F77095A4B14233118 ~~~~~ 'Store passwords using reversible encryption' is Disabled ClearTextPassword: 0
Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_WinServer2016_V2R10_20251023-143935.ckl
Scan Date: 2026-01-14T12:57:31.534241
Technology Area: Windows Operating System
|
||||||||