Update PowerSTIG to successfully parse/apply Microsoft SQL Server 201…

…6 Instance Version 2; Release 1 (#766) * added support for 2016 instance 2.1 * removed tabs from xccdf and processed xml
microsoft · Nov 2, 2020 · 78ee5ff · 78ee5ff
1 parent 232a4a7
commit 78ee5ff
Show file tree

Hide file tree

Showing 6 changed files with 637 additions and 812 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ## [Unreleased]
 
+* Update PowerSTIG to successfully parse/apply Microsoft SQL Server 2016 Instance Version 2; Release 1: [#761](https://github.com/microsoft/PowerStig/issues/761)
 * Update PowerSTIG to successfully parse/apply Microsoft Outlook 2016 Version 2; Release 1: [#767](https://github.com/microsoft/PowerStig/issues/767)
 * Update spacing in DoD logon script: [#757](https://github.com/microsoft/PowerStig/issues/757)
 * Update PowerSTIG to Increase Code Coverage of Unit Tests: [#737](https://github.com/microsoft/PowerStig/issues/737)

diff --git a/source/StigData/Archive/SQL Server/U_MS_SQL_Server_2016_Instance_STIG_V1R9_Manual-xccdf.log b/source/StigData/Archive/SQL Server/U_MS_SQL_Server_2016_Instance_STIG_V1R9_Manual-xccdf.log
diff --git a/source/StigData/Archive/SQL Server/U_MS_SQL_Server_2016_Instance_STIG_V2R1_Manual-xccdf.log b/source/StigData/Archive/SQL Server/U_MS_SQL_Server_2016_Instance_STIG_V2R1_Manual-xccdf.log
@@ -0,0 +1,3 @@
+V-213968::If  "System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing" is not enabled, this is a finding.::If the value for "System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing" is not "enabled", this is a finding.
+V-213976::Local Security Policy >> Local Policies >> Security Options::""
+V-213967::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; ValueData = 1; ValueName = 'Enabled'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; ValueData = 1; ValueName = 'Enabled'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; ValueData = 0; ValueName = 'DisabledByDefault'; ValueType = 'Dword'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; ValueData = 0; ValueName = 'DisabledByDefault'; ValueType = 'Dword'}
diff --git a/..._2016_Instance_STIG_V1R9_Manual-xccdf.xml → ..._2016_Instance_STIG_V2R1_Manual-xccdf.xml b/..._2016_Instance_STIG_V1R9_Manual-xccdf.xml → ..._2016_Instance_STIG_V2R1_Manual-xccdf.xml
diff --git a/...lServer-2016-Instance-1.9.org.default.xml → ...lServer-2016-Instance-2.1.org.default.xml b/...lServer-2016-Instance-1.9.org.default.xml → ...lServer-2016-Instance-2.1.org.default.xml
@@ -5,4 +5,4 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="1.9" />
+<OrganizationalSettings fullversion="2.1" />