oval:gov.nist.usgcb.xp:def:100208 configure automatic updates
oval:gov.nist.usgcb.xp:def:6725 This policy setting allows you to specify the maximum amount of time that an active Terminal Services session can be idle (without user input) before it is automatically disconnected. (15 min)
oval:gov.nist.usgcb.xp:def:6726 You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Terminal Services allows users to disconnect from a remote session without logging off and ending the session. (1 min)
oval:gov.nist.usgcb.xp:def:6714 Prompt for password on resume from hibernate / suspend
oval:gov.nist.usgcb.xp:def:6708 Screen Saver timeout
oval:gov.nist.usgcb.xp:def:6027 Audit: Shut down system immediately if unable to log security audits
oval:gov.nist.usgcb.xp:def:6707 Password protect the screen saver
oval:gov.nist.usgcb.xp:def:6121 Permits users to change installation options that typically are available only to system administrators. This setting bypasses some of the security features of Windows Installer.
oval:gov.nist.usgcb.xp:def:6122 This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.
oval:gov.nist.usgcb.xp:def:6596 Do not allow passwords to be saved
oval:gov.nist.usgcb.xp:def:6595 Disable remote Desktop Sharing
oval:gov.nist.usgcb.xp:def:6563 Offer Remote Assistance
oval:gov.nist.usgcb.xp:def:6566 RPC Endpoint Mapper Client Authentication
oval:org.secpod.oval:def:15290 The 'Enable User to Use Media Source While Elevated' policy should be set correctly.
oval:org.secpod.oval:def:15266 CD-ROM Autorun should be properly configured.
oval:org.secpod.oval:def:7970 Anti-virus is installed and up-to-date
oval:org.secpod.oval:def:15381 The 'Windows Firewall: Define program exceptions' policy should be configured correctly for the Domain Profile.
oval:org.secpod.oval:def:15142 The permitted number of TCP/IP Maximum Half-open Sockets should be set correctly.
oval:gov.nist.usgcb.xp:def:198 This definition tests the maximum allowed size of the security log is at least as big as the supplied value.
oval:gov.nist.usgcb.xp:def:197 This definition tests the maximum allowed size of the application log is at least as big as the supplied value.
oval:gov.nist.usgcb.xp:def:199 This definition tests the maximum allowed size of the system log is at least as big as the supplied value.
oval:org.secpod.oval:def:15277 The 'Terminate session when time limits are reached' policy should be set correctly for Terminal Services.
oval:org.secpod.oval:def:15270 Auditing of 'process tracking' events on failure should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:7715 The Screen Saver Executable Name setting should be configured correctly for the current user.
oval:org.secpod.oval:def:7716 The "Screen Saver Timeout" setting should be configured correctly for the default user.
oval:org.secpod.oval:def:7717 The settings of screen saver should be enabled or disabled as appropriate for the current user.
oval:org.secpod.oval:def:15096 The 'restrict guest access to application log' policy should be set correctly.
oval:org.secpod.oval:def:15188 Membership in the Backup Operators group should be assigned to the appropriate accounts.
oval:org.secpod.oval:def:15180 The 'Anonymous access to the security event log' policy should be set correctly.
oval:org.secpod.oval:def:15186 The required auditing for %SystemDrive% directory should be enabled.
oval:org.secpod.oval:def:15193 The 'Log Successful Connections' option for the Windows Firewall should be configured correctly for the Standard Profile.
oval:org.secpod.oval:def:15072 The required auditing for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be enabled.
oval:org.secpod.oval:def:15197 The 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies' setting should be configured correctly.
oval:org.secpod.oval:def:15323 The permitted number of TCP/IP Maximum Retried Half-open Sockets should be set correctly.
oval:org.secpod.oval:def:15324 The 'Prevent Codec Download' policy should be set correctly for Windows MediaPlayer.
oval:org.secpod.oval:def:15325 The 'Anonymous access to the application event log' policy should be set correctly.
oval:org.secpod.oval:def:15318 Always Wait for the Network at Computer Startup and Logon should be properly configured.
oval:gov.nist.usgcb.xp:def:205 Retention method for system log
oval:org.secpod.oval:def:15330 Membership in the Remote Desktop Users group should be assigned to the appropriate accounts.
oval:gov.nist.usgcb.xp:def:204 Retention method for security log
oval:gov.nist.usgcb.xp:def:203 This definition tests the retention method for the application log. Possible methods are - overwrite as necessary, do not overwrite, or overwrite events older than X seconds.
oval:org.secpod.oval:def:15328 The 'Limit Number of Connections' policy should be set correctly for Terminal Services.
oval:org.secpod.oval:def:15305 The log file size limit for the Windows Firewall should be configured correctly for the Standard Profile.
oval:gov.nist.usgcb.xp:def:110 MSS: (AutoAdminLogon) Enable Automatic Logon disabled
oval:gov.nist.usgcb.xp:def:115 MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds
oval:org.secpod.oval:def:15310 Dr. Watson Crash Dumps should be properly configured.
oval:gov.nist.usgcb.xp:def:105 System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
oval:org.secpod.oval:def:15124 The 'restrict guest access to system log' policy should be set correctly.
oval:org.secpod.oval:def:15126 The 'Limit Users to One Remote Session' policy should be set correctly for Terminal Services.
oval:org.secpod.oval:def:15362 The 'Prevent IIS Installation' setting should be configured correctly.
oval:org.secpod.oval:def:15378 The 'CD Burning features in Windows Explorer' should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:15257 The 'Anonymous access to the system event log' policy should be set correctly.
oval:org.secpod.oval:def:15251 Membership in the Power Users group should be assigned to the appropriate accounts.
oval:gov.nist.usgcb.xp:def:123 MSS (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires
oval:org.secpod.oval:def:15343 Domain Profile: Do not allow exceptions (SP2 only)
oval:org.secpod.oval:def:15228 The 'restrict guest access to security log' policy should be set correctly.
oval:org.secpod.oval:def:15340 The log file path and name for the Windows Firewall should be configured correctly for the Standard Profile.
oval:org.secpod.oval:def:15234 The 'Remote Control Settings' policy should be set correctly for Terminal Services.
oval:org.secpod.oval:def:15117 The 'Enable User to Patch Elevated Products' policy should be set correctly.
oval:org.secpod.oval:def:15239 Auditing of 'process tracking' events on success should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:15357 The TCP/IP NetBIOS Helper service should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:15358 The 'Log Dropped Packets' option for the Windows Firewall should be configured correctly for the Standard Profile.
oval:org.secpod.oval:def:15230 The required auditing for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be enabled.
oval:org.secpod.oval:def:15352 Standard Profile: Define port exceptions (SP2 only)
oval:org.secpod.oval:def:15372 The 'Windows Firewall: Outbound connections' policy should be configured correctly for the Domain profile.
oval:org.secpod.oval:def:15379 The 'Windows Firewall: Apply local firewall rules' policy should be configured correctly for the Domain profile.
oval:org.secpod.oval:def:15274 The 'Always Prompt Client for Password upon Connection' policy should be set correctly for Terminal Services.
oval:org.secpod.oval:def:15377 Processing of the legacy run list on logon should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:15373 The 'Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)' policy should be set correctly.
oval:gov.nist.usgcb.xp:def:100205 do not process the run once list
oval:gov.nist.usgcb.xp:def:243 This definition verifies that the Guest account is enabled/disabled based on the policy defined by the user.
oval:gov.nist.usgcb.xp:def:169 Administrators may change the system time
oval:gov.nist.usgcb.xp:def:6565 Restrictions for Unauthenticated RPC clients
oval:org.secpod.oval:def:15374 The 'Windows Firewall: Inbound connections' policy should be configured correctly for the Domain Profile.
oval:gov.nist.usgcb.xp:def:181 LOCAL SERVICE and NETWORK SERVICE may generate security audits
oval:org.secpod.oval:def:15140 Disable saving of dial-up passwords should be properly configured.
oval:org.secpod.oval:def:15135 Automatic Reboot After System Crash should be properly configured.
oval:org.secpod.oval:def:5645 Verify that all users are assigned a unique ID for access to system components or cardholder data and also verify that users are authenticated using unique ID and additional authentication (for example, a password) for access to the cardholder data environment.
oval:org.secpod.oval:def:5646 Verify that inactive accounts over 90 days old are either removed or disabled.
oval:gov.nist.usgcb.xp:def:30 Audit Directory Service Access
oval:gov.nist.usgcb.xp:def:32 Audit logon events
oval:gov.nist.usgcb.xp:def:35 Audit policy changes
oval:gov.nist.usgcb.xp:def:34 Audit object access
oval:gov.nist.usgcb.xp:def:37 Audit system events
oval:gov.nist.usgcb.xp:def:36 Audit privilege use
oval:gov.nist.usgcb.xp:def:22 Passwords must be stored using reversible encryption for all users in the domain
oval:gov.nist.usgcb.xp:def:21 Passwords must meet complexity requirements
oval:gov.nist.usgcb.xp:def:24 The maximum number of failed attempts that can occur before the account is locked out This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ...
oval:gov.nist.usgcb.xp:def:23 This definition verifies that locked accounts remain locked for the defined number of minutes before they are automatically unlocked.
oval:gov.nist.usgcb.xp:def:26 Reset account lockout counters after the profile defined number of minutes
oval:gov.nist.usgcb.xp:def:27 Audit account logon events
oval:gov.nist.usgcb.xp:def:29 Audit account management
oval:gov.nist.usgcb.xp:def:17 Maximum password age is the profile defined number of days
oval:gov.nist.usgcb.xp:def:16 Password history enforcement is enabled and the profile defined number of passwords are remembered
oval:gov.nist.usgcb.xp:def:19 Minimum password length is the profile defined number of characters
oval:gov.nist.usgcb.xp:def:18 Minimum password age is the profile defined number of days
oval:gov.nist.usgcb.xp:def:83 Microsoft network server: Amount of idle time required before suspending session
oval:gov.nist.usgcb.xp:def:71 Set message title for users attempting to log on
oval:gov.nist.usgcb.xp:def:70 Set message text for users attempting to log on
oval:gov.nist.usgcb.xp:def:74 Prompt user to change password before expiration
oval:gov.nist.usgcb.xp:def:60 Warn for unsigned driver installation
oval:gov.nist.usgcb.xp:def:62 Digitally encrypt secure channel data (when possible)
oval:gov.nist.usgcb.xp:def:61 Digitally encrypt or sign secure channel data (always)
oval:gov.nist.usgcb.xp:def:63 Digitally sign secure channel data (when possible)
oval:gov.nist.usgcb.xp:def:66 Require strong (Windows 2000 or later) session key
oval:gov.nist.usgcb.xp:def:65 Maximum machine account password age is profile defined number of days
oval:gov.nist.USGCB.xpfirewall:def:51041 Many organizations take advantage of remote computer administration in their daily operations. However, some attacks have exploited the ports typically used by remote administration programs; Windows Firewall can block these ports. To provide flexibility for remote administration, the Windows Firewa ...
oval:gov.nist.USGCB.xpfirewall:def:5111 The Windows Firewall: Prohibit unicast response to multicast or broadcast requests setting prevents a computer from receiving unicast responses to its outgoing multicast or broadcast messages. When this policy setting is enabled and the computer sends multicast or broadcast messages to other compute ...
oval:gov.nist.USGCB.xpfirewall:def:5100 The Windows Firewall: Protect all network connections setting turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP SP2. This appendix recommends configuring this setting to Enabled to protect all network connections for computers in all ...
oval:gov.nist.USGCB.xpfirewall:def:5101 The Windows Firewall: Do not allow exceptions setting specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages. If you enable this policy setting in the Windows Firewall component of Co ...
oval:gov.nist.USGCB.xpfirewall:def:5107 Many organizations use Remote Desktop connections in their normal troubleshooting procedures or operations. However, some attacks have occurred that exploited the ports typically used by Remote Desktop. To provide flexibility for remote administration, the Windows Firewall: Allow Remote Desktop exce ...
oval:gov.nist.USGCB.xpfirewall:def:5109 Windows Firewall can display notifications to users when a program requests that Windows Firewall add the program to the program exceptions list. This situation occurs when programs attempt to open a port and are not allowed to do so based on current Windows Firewall rules. The Windows Firewall: Pro ...
oval:gov.nist.USGCB.xpfirewall:def:6008 The Windows Firewall port exceptions list should be defined by Group Policy, which allows you to centrally manage and deploy your port exceptions and ensure that local administrators do not create less secure settings. The Windows Firewall: Define port exceptions policy setting allows you to central ...
oval:gov.nist.USGCB.xpfirewall:def:5011 The Windows Firewall: Prohibit unicast response to multicast or broadcast requests setting prevents a computer from receiving unicast responses to its outgoing multicast or broadcast messages. When this policy setting is enabled and the computer sends multicast or broadcast messages to other compute ...
oval:gov.nist.USGCB.xpfirewall:def:5016 Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...
oval:gov.nist.USGCB.xpfirewall:def:5015 Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...
oval:gov.nist.USGCB.xpfirewall:def:5014 Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...
oval:gov.nist.USGCB.xpfirewall:def:5013 The Windows Firewall: Allow local port exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall can use two port exceptions lists; the other is defined by the Windows Firewall: Define port exceptions poli ...
oval:gov.nist.USGCB.xpfirewall:def:5017 Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...
oval:gov.nist.USGCB.xpfirewall:def:5000 The Windows Firewall: Protect all network connections setting turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP SP2. This appendix recommends configuring this setting to Enabled to protect all network connections for computers in all ...
oval:gov.nist.USGCB.xpfirewall:def:5005 This setting allows file and printer sharing by configuring Windows Firewall to open UDP ports 137 and 138 and TCP ports 139 and 445. If you enable this policy setting, Windows Firewall opens these ports so that the computer can receive print jobs and requests for access to shared files. You must sp ...
oval:gov.nist.USGCB.xpfirewall:def:5004 Many organizations take advantage of remote computer administration in their daily operations. However, some attacks have exploited the ports typically used by remote administration programs; Windows Firewall can block these ports. To provide flexibility for remote administration, the Windows Firewa ...
oval:gov.nist.USGCB.xpfirewall:def:5003 The Windows Firewall: Allow local program exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Disabling this policy setting does not allow administrators to define a local program exceptions list, and ensures that ...
oval:gov.nist.USGCB.xpfirewall:def:5009 Windows Firewall can display notifications to users when a program requests that Windows Firewall add the program to the program exceptions list. This situation occurs when programs attempt to open a port and are not allowed to do so based on current Windows Firewall rules. The Windows Firewall: Pro ...
oval:gov.nist.USGCB.xpfirewall:def:5008 The Windows Firewall: Allow UPnP framework exception setting allows a computer to receive unsolicited Plug and Play messages sent by network devices, such as routers with built-in firewalls. To receive these messages, Windows Firewall opens TCP port 2869 and UDP port 1900. If you enable this policy ...
oval:gov.nist.USGCB.xpfirewall:def:5007 Many organizations use Remote Desktop connections in their normal troubleshooting procedures or operations. However, some attacks have occurred that exploited the ports typically used by Remote Desktop. To provide flexibility for remote administration, the Windows Firewall: Allow Remote Desktop exce ...
oval:gov.nist.USGCB.xpfirewall:def:5006 The Windows Firewall: Allow ICMP exceptions setting defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you set this pol ...