-
Notifications
You must be signed in to change notification settings - Fork 116
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update PowerSTIG to successfully parse/apply Microsoft Windows 10 STI…
…G - Ver 2, Rel 1 (#797) * initial commit * updated convert * updated disa copy paste error
- Loading branch information
Showing
10 changed files
with
7,195 additions
and
7,661 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
14 changes: 0 additions & 14 deletions
14
source/StigData/Archive/Windows.Client/U_MS_Windows_10_STIG_V1R21_Manual-xccdf.log
This file was deleted.
Oops, something went wrong.
4,583 changes: 0 additions & 4,583 deletions
4,583
source/StigData/Archive/Windows.Client/U_MS_Windows_10_STIG_V1R21_Manual-xccdf.xml
This file was deleted.
Oops, something went wrong.
16 changes: 16 additions & 0 deletions
16
source/StigData/Archive/Windows.Client/U_MS_Windows_10_STIG_V2R1_Manual-xccdf.log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
V-220745::"Minimum password length,"::"Minimum password length" | ||
V-220747::"Store password using reversible encryption"::"Store passwords using reversible encryption" | ||
V-220836::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System'; ValueData = 'Block'; ValueName = 'ShellSmartScreenLevel'; ValueType = 'String'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System'; ValueData = $null; ValueName = 'EnableSmartScreen'; ValueType = 'Dword'; OrganizationValueTestString = "{0} -eq 1|2"} | ||
V-220860::Registry Path: \SOFTWARE\ Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\::Registry Path: \SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\ | ||
V-220805::Registry Path: \SOFTWARE\Policies\Microsoft\ Cryptography\Configuration\SSL\00010002\::Registry Path: \SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002\ | ||
V-220704::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE'; ValueData = $null; ValueName = 'MinimumPIN'; ValueType = 'DWord'; OrganizationValueTestString = 'ValueData is set to 0x00000006 (6) or greater '} | ||
V-220870::Value data: 0::Value: 0x00000000 (0) | ||
V-220871::Value data: 1::Value: 0x00000001 (1) | ||
V-220793::RegistryPath\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam::Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam | ||
V-220793::This requirement is not applicable to mobile devices (smartphones and tablets), where the use of the camera is a local AO decision.::ValueType: REG_SZ | ||
V-220793::This requirement is not applicable to dedicated VTC suites located in approved VTC locations that are centrally managed.::Value: Deny | ||
V-220793::Value Name: Deny::ValueName: Value | ||
V-220961::NT SERVICE\autotimesvc is added in v1909 cumulative update.::NT SERVICE\autotimesvc | ||
V-220891::OverrideExportAddressFilter: False::OverrideEnableExportAddressFilter: False | ||
V-220891::OverrideExportAddressFilterPlus: False::OverrideEnableExportAddressFilterPlus: False | ||
V-220891::OverrideImportAddressFilter: False::OverrideEnableImportAddressFilter: False |
4,540 changes: 4,540 additions & 0 deletions
4,540
source/StigData/Archive/Windows.Client/U_MS_Windows_10_STIG_V2R1_Manual-xccdf.xml
Large diffs are not rendered by default.
Oops, something went wrong.
85 changes: 0 additions & 85 deletions
85
source/StigData/Processed/WindowsClient-10-1.21.org.default.xml
This file was deleted.
Oops, something went wrong.
83 changes: 83 additions & 0 deletions
83
source/StigData/Processed/WindowsClient-10-2.1.org.default.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
<!-- | ||
The organizational settings file is used to define the local organizations | ||
preferred setting within an allowed range of the STIG. | ||
Each setting in this file is linked by STIG ID and the valid range is in an | ||
associated comment. | ||
--> | ||
<OrganizationalSettings fullversion="2.1"> | ||
<!-- Ensure ValueData is set to 0x00000006 (6) or greater --> | ||
<OrganizationalSetting id="V-220704" ValueData="" /> | ||
<!-- Ensure ''V-220739'' -ge '15' -or ''V-220739'' -eq '0'--> | ||
<OrganizationalSetting id="V-220739" PolicyValue="15" /> | ||
<!-- Ensure ''V-220740'' -le '3' -and ''V-220740'' -ne '0'--> | ||
<OrganizationalSetting id="V-220740" PolicyValue="3" /> | ||
<!-- Ensure ''V-220741'' -ge '15'--> | ||
<OrganizationalSetting id="V-220741" PolicyValue="15" /> | ||
<!-- Ensure ''V-220742'' -ge '24'--> | ||
<OrganizationalSetting id="V-220742" PolicyValue="24" /> | ||
<!-- Ensure ''V-220743'' -le '60' -and ''V-220743'' -ne '0'--> | ||
<OrganizationalSetting id="V-220743" PolicyValue="30" /> | ||
<!-- Ensure ''V-220744'' -ge '1'--> | ||
<OrganizationalSetting id="V-220744" PolicyValue="1" /> | ||
<!-- Ensure ''V-220745'' -ge '14'--> | ||
<OrganizationalSetting id="V-220745" PolicyValue="14" /> | ||
<!-- Ensure ''V-220779'' -ge '32768'--> | ||
<OrganizationalSetting id="V-220779" ValueData="32768" /> | ||
<!-- Ensure ''V-220780'' -ge '1024000'--> | ||
<OrganizationalSetting id="V-220780" ValueData="1024000" /> | ||
<!-- Ensure ''V-220781'' -ge '32768'--> | ||
<OrganizationalSetting id="V-220781" ValueData="32768" /> | ||
<!-- Ensure ''V-220806'' -match '1|ShouldBeAbsent'--> | ||
<OrganizationalSetting id="V-220806" ValueData="1" /> | ||
<!-- Ensure ''V-220811.b'' -match '1|3'--> | ||
<OrganizationalSetting id="V-220811.b" ValueData="1" /> | ||
<!-- Ensure ''V-220813'' -match '1|3|8'--> | ||
<OrganizationalSetting id="V-220813" ValueData="1" /> | ||
<!-- Ensure ''V-220818'' -match '1|ShouldBeAbsent'--> | ||
<OrganizationalSetting id="V-220818" ValueData="1" /> | ||
<!-- Ensure 'V-220836.b' -eq 1|2--> | ||
<OrganizationalSetting id="V-220836.b" ValueData="1" /> | ||
<!-- Ensure ''V-220837'' -match '0|ShouldBeAbsent'--> | ||
<OrganizationalSetting id="V-220837" ValueData="0" /> | ||
<!-- Ensure ''V-220838'' -match '0|ShouldBeAbsent'--> | ||
<OrganizationalSetting id="V-220838" ValueData="0" /> | ||
<!-- Ensure ''V-220839'' -match '0|ShouldBeAbsent'--> | ||
<OrganizationalSetting id="V-220839" ValueData="0" /> | ||
<!-- Ensure ''V-220847'' -ge '6'--> | ||
<OrganizationalSetting id="V-220847" ValueData="6" /> | ||
<!-- Ensure ''V-220854'' -match '0|ShouldBeAbsent'--> | ||
<OrganizationalSetting id="V-220854" ValueData="0" /> | ||
<!-- Ensure ''V-220858'' -match '0|ShouldBeAbsent'--> | ||
<OrganizationalSetting id="V-220858" ValueData="0" /> | ||
<!-- Ensure location for DoD Root CA 2 certificate is present--> | ||
<OrganizationalSetting id="V-220903.a" Location="" /> | ||
<!-- Ensure location for DoD Root CA 3 certificate is present--> | ||
<OrganizationalSetting id="V-220903.b" Location="" /> | ||
<!-- Ensure location for DoD Root CA 4 certificate is present--> | ||
<OrganizationalSetting id="V-220903.c" Location="" /> | ||
<!-- Ensure location for DoD Root CA 5 certificate is present--> | ||
<OrganizationalSetting id="V-220903.d" Location="" /> | ||
<!-- Ensure location for DoD Interoperability Root CA 2 certificate is present--> | ||
<OrganizationalSetting id="V-220905.a" Location="" /> | ||
<!-- Ensure location for DoD Interoperability Root CA 1 certificate is present--> | ||
<OrganizationalSetting id="V-220905.b" Location="" /> | ||
<!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present--> | ||
<OrganizationalSetting id="V-220906" Location="" /> | ||
<!-- Ensure ''V-220911'' -ne 'Administrator'--> | ||
<OrganizationalSetting id="V-220911" OptionValue="" /> | ||
<!-- Ensure ''V-220912'' -ne 'Guest'--> | ||
<OrganizationalSetting id="V-220912" OptionValue="" /> | ||
<!-- Ensure ''V-220918'' -le '30' -and ''V-220918'' -gt '0'--> | ||
<OrganizationalSetting id="V-220918" ValueData="30" /> | ||
<!-- Ensure ''V-220920'' -le '900' -and ''V-220920'' -gt '0'--> | ||
<OrganizationalSetting id="V-220920" ValueData="450" /> | ||
<!-- Ensure ''V-220922'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'--> | ||
<OrganizationalSetting id="V-220922" ValueData="US Department of Defense Warning Statement" /> | ||
<!-- Ensure ''V-220923'' -le '10'--> | ||
<OrganizationalSetting id="V-220923" ValueData="10" /> | ||
<!-- Ensure ''V-220924'' -match '1|2'--> | ||
<OrganizationalSetting id="V-220924" ValueData="1" /> | ||
<!-- Ensure ''V-220955'' -match '2|ShouldBeAbsent'--> | ||
<OrganizationalSetting id="V-220955" ValueData="2" /> | ||
</OrganizationalSettings> |
Oops, something went wrong.