rename controls to register w/ git

controls/V-92975.rb → controls/SV-205624.rb

@@ -1,8 +1,8 @@
 # encoding: UTF-8
 
-control 'V-92975' do
-  title "Windows Server 2019 must automatically remove or disable temporary user accounts after #{input('temporary_account_period')*24} hours."
-  desc  "If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts must be set upon account creation.
+ control 'SV-205624' do
+    title "Windows Server 2019 must automatically remove or disable temporary user accounts after #{input('temporary_account_period')} hours."
+    desc  "If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts must be set upon account creation.
 
   Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts without the demand for immediacy in account activation.
   If temporary accounts are used, the operating system must be configured to automatically terminate these types of accounts after a #{input('org_name')[:acronym]}-defined time period of #{input('temporary_account_period')*24} hours.

controls/V-92979.rb → controls/SV-205625.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92979" do
+control "SV-205625" do
   title "Windows Server 2019 must be configured to audit Account Management -
 Security Group Management successes."
   desc  "Maintaining an audit trail of system activity logs can help identify

controls/V-92981.rb → controls/SV-205626.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92981" do
+control "SV-205626" do
   title "Windows Server 2019 must be configured to audit Account Management -
 User Account Management successes."
   desc  "Maintaining an audit trail of system activity logs can help identify

controls/V-92983.rb → controls/SV-205627.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92983" do
+control "SV-205627" do
   title "Windows Server 2019 must be configured to audit Account Management -
 User Account Management failures."
   desc  "Maintaining an audit trail of system activity logs can help identify

controls/V-92985.rb → controls/SV-205628.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control 'V-92985' do
+control 'SV-205628' do
   title "Windows Server 2019 must be configured to audit Account Management -
 Computer Account Management successes."
   desc  "Maintaining an audit trail of system activity logs can help identify

controls/V-93141.rb → controls/SV-205629.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93141" do
+control "SV-205629" do
   title "Windows Server 2019 must have the number of allowed bad logon attempts
 configured to #{input('max_pass_lockout')} or less."
   desc  "The account lockout feature, when enabled, prevents brute-force

controls/V-93143.rb → controls/SV-205630.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93143" do
+control "SV-205630" do
   title "Windows Server 2019 must have the period of time before the bad logon
 counter is reset configured to #{input('pass_lock_time')} minutes or greater."
   desc  "The account lockout feature, when enabled, prevents brute-force

controls/V-93147.rb → controls/SV-205631.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93147" do
+control "SV-205631" do
   title "Windows Server 2019 required legal notice must be configured to
 display before console logon."
   desc  "Failure to display the logon banner prior to a logon attempt will

controls/V-93149.rb → controls/SV-205632.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93149" do
+control "SV-205632" do
   title "Windows Server 2019 title for legal banner dialog box must be configured with the appropriate text."
   desc  "Failure to display the logon banner prior to a logon attempt will negate legal proceedings resulting from unauthorized access to system resources."
   desc  "rationale", ""

controls/V-92961.rb → controls/SV-205633.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92961" do
+control "SV-205633" do
   title "Windows Server 2019 machine inactivity limit must be set to 15 minutes
 or less, locking the system with the screen saver."
   desc  "Unattended systems are susceptible to unauthorized use and should be

controls/V-92967.rb → controls/SV-205634.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92967" do
+control "SV-205634" do
   title "Windows Server 2019 must be configured to audit logon successes."
   desc  "Maintaining an audit trail of system activity logs can help identify
 configuration errors, troubleshoot service disruptions, and analyze compromises

controls/V-92969.rb → controls/SV-205635.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92969" do
+control "SV-205635" do
   title "Windows Server 2019 must be configured to audit logon failures."
   desc  "Maintaining an audit trail of system activity logs can help identify
 configuration errors, troubleshoot service disruptions, and analyze compromises

controls/V-92971.rb → controls/SV-205636.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92971" do
+control "SV-205636" do
   title "Windows Server 2019 Remote Desktop Services must require secure Remote
 Procedure Call (RPC) communications."
   desc  "Allowing unsecure RPC communication exposes the system to

controls/V-92973.rb → controls/SV-205637.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92973" do
+control "SV-205637" do
   title "Windows Server 2019 Remote Desktop Services must be configured with
 the client connection encryption set to High Level."
   desc  "Remote connections must be encrypted to prevent interception of data

controls/V-93173.rb → controls/SV-205638.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93173" do
+control "SV-205638" do
   title "Windows Server 2019 command line data must be included in process
 creation events."
   desc  "Maintaining an audit trail of system activity logs can help identify

controls/V-93175.rb → controls/SV-205639.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93175" do
+control "SV-205639" do
   title "Windows Server 2019 PowerShell script block logging must be enabled."
   desc  "Maintaining an audit trail of system activity logs can help identify
 configuration errors, troubleshoot service disruptions, and analyze compromises

controls/V-93189.rb → controls/SV-205640.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93189" do
+control "SV-205640" do
   title "Windows Server 2019 permissions for the Application event log must
 prevent access by non-privileged accounts."
   desc  "Maintaining an audit trail of system activity logs can help identify

controls/V-93191.rb → controls/SV-205641.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93191" do
+control "SV-205641" do
   title "Windows Server 2019 permissions for the Security event log must
 prevent access by non-privileged accounts."
   desc  "Maintaining an audit trail of system activity logs can help identify

controls/V-93193.rb → controls/SV-205642.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93193" do
+control "SV-205642" do
   title "Windows Server 2019 permissions for the System event log must prevent
 access by non-privileged accounts."
   desc  "Maintaining an audit trail of system activity logs can help identify

controls/V-93197.rb → controls/SV-205643.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93197" do
+control "SV-205643" do
   title "Windows Server 2019 Manage auditing and security log user right must
 only be assigned to the Administrators group."
   desc  "Inappropriate granting of user rights can provide system,

controls/V-93151.rb → controls/SV-205644.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93151" do
+control "SV-205644" do
   title "Windows Server 2019 must force audit policy subcategory settings to
 override audit policy category settings."
   desc  "Maintaining an audit trail of system activity logs can help identify

controls/V-93481.rb → controls/SV-205645.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93481" do
+control "SV-205645" do
   title "Windows Server 2019 domain controllers must have a PKI server certificate."
   desc  "Domain controllers are part of the chain of trust for PKI authentications. Without the appropriate certificate, the authenticity of the domain controller cannot be verified. Domain controllers must have a server certificate to establish authenticity as part of PKI authentications in the domain."
   desc  "rationale", ""

controls/V-93483.rb → controls/SV-205646.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93483" do
+control "SV-205646" do
   title "Windows Server 2019 domain Controller PKI certificates must be issued by the #{input('org_name')[:acronym]} PKI or an approved External Certificate Authority (ECA)."
   desc  "A PKI implementation depends on the practices established by the Certificate Authority (CA) to ensure the implementation is secure. Without proper practices, the certificates issued by a CA have limited value in authentication functions. The use of multiple CAs from separate PKI implementations results in interoperability issues. If servers and clients do not have a common set of root CA certificates, they are not able to authenticate each other."
   desc  "rationale", ""

controls/V-93485.rb → controls/SV-205647.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93485" do
+control "SV-205647" do
   title "Windows Server 2019 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA)."
   desc  "A PKI implementation depends on the practices established by the Certificate Authority (CA) to ensure the implementation is secure. Without proper practices, the certificates issued by a CA have limited value in authentication functions."
   desc  "rationale", ""

controls/V-93487.rb → controls/SV-205648.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93487" do
+control "SV-205648" do
   title "Windows Server 2019 must have the #{input('org_name')[:acronym]} Root Certificate Authority (CA) certificates installed in the Trusted Root Store."
   desc  "To ensure secure #{input('org_name')[:acronym]} websites and #{input('org_name')[:acronym]}-signed code are properly validated, the system must trust the #{input('org_name')[:acronym]} Root CAs. The #{input('org_name')[:acronym]} root certificates will ensure that the trust chain is established for server certificates issued from the #{input('org_name')[:acronym]} CAs."
   desc  "rationale", ""

controls/V-93489.rb → controls/SV-205649.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93489" do
+control "SV-205649" do
   title "Windows Server 2019 must have the #{input('org_name')[:acronym]} Interoperability Root Certificate Authority (CA) cross-certificates installed in the Untrusted Certificates Store on unclassified systems."
   desc  "To ensure users do not experience denial of service when performing certificate-based authentication to #{input('org_name')[:acronym]} websites due to the system chaining to a root other than #{input('org_name')[:acronym]} Root CAs, the #{input('org_name')[:acronym]} Interoperability Root CA cross-certificates must be installed in the Untrusted Certificate Store. This requirement only applies to unclassified systems."
   desc  "rationale", ""

controls/V-93491.rb → controls/SV-205650.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93491" do
+control "SV-205650" do
   title "Windows Server 2019 must have the US #{input('org_name')[:acronym]} CCEB Interoperability Root CA cross-certificates in the Untrusted Certificates Store on unclassified systems."
   desc  "To ensure users do not experience denial of service when performing certificate-based authentication to #{input('org_name')[:acronym]} websites due to the system chaining to a root other than #{input('org_name')[:acronym]} Root CAs, the US #{input('org_name')[:acronym]} CCEB Interoperability Root CA cross-certificates must be installed in the Untrusted Certificate Store. This requirement only applies to unclassified systems."
   desc  "rationale", ""

controls/V-93493.rb → controls/SV-205651.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93493" do
+control "SV-205651" do
   title "Windows Server 2019 users must be required to enter a password to access private keys stored on the computer."
   desc  "If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure.
     The cornerstone of the PKI is the private key used to encrypt or digitally sign information.

controls/V-93459.rb → controls/SV-205652.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93459" do
+control "SV-205652" do
   title "Windows Server 2019 must have the built-in Windows password complexity policy enabled."
   desc  "The use of complex passwords increases their strength against attack. The built-in Windows password complexity policy requires passwords to contain at least three of the four types of characters (numbers, uppercase and lowercase letters, and special characters) and prevents the inclusion of user names or parts of user names."
   desc  "rationale", ""

controls/V-93465.rb → controls/SV-205653.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93465" do
+control "SV-205653" do
   title "Windows Server 2019 reversible password encryption must be disabled."
   desc  "Storing passwords using reversible encryption is essentially the same as storing clear-text versions of the passwords, which are easily compromised. For this reason, this policy must never be enabled."
   desc  "rationale", ""

controls/V-93467.rb → controls/SV-205654.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93467" do
+control "SV-205654" do
   title "Windows Server 2019 must be configured to prevent the storage of the LAN Manager hash of passwords."
   desc  "The LAN Manager hash uses a weak encryption algorithm and there are several tools available that use this hash to retrieve account passwords. This setting controls whether a LAN Manager hash of the password is stored in the SAM the next time the password is changed."
   desc  "rationale", ""

controls/V-93469.rb → controls/SV-205655.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93469" do
+control "SV-205655" do
   title "Windows Server 2019 unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers."
   desc  "Some non-Microsoft SMB servers only support unencrypted (plain-text) password authentication. Sending plain-text passwords across the network when authenticating to an SMB server reduces the overall security of the environment. Check with the vendor of the SMB server to determine if there is a way to support encrypted password authentication."
   desc  "rationale", ""

controls/V-93471.rb → controls/SV-205656.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93471" do
+control "SV-205656" do
   title "Windows Server 2019 minimum password age must be configured to at least one day."
   desc  "Permitting passwords to be changed in immediate succession within the same day allows users to cycle passwords through their history database. This enables users to effectively negate the purpose of mandating periodic password changes."
   desc  "rationale", ""

controls/V-93473.rb → controls/SV-205657.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93473" do
+control "SV-205657" do
   title "Windows Server 2019 passwords for the built-in Administrator account must be changed at least every 60 days."
   desc  "The longer a password is in use, the greater the opportunity for someone to gain unauthorized knowledge of the password. The built-in Administrator account is not generally used and its password not may be changed as frequently as necessary. Changing the password for the built-in Administrator account on a regular basis will limit its exposure.
     Organizations that use an automated tool, such Microsoft's Local Administrator Password Solution (LAPS), on domain-joined systems can configure this to occur more frequently. LAPS will change the password every \"30\" days by default."

controls/V-93475.rb → controls/SV-205658.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control 'V-93475' do
+control 'SV-205658' do
   title 'Windows Server 2019 passwords must be configured to expire.'
   desc  'Passwords that do not expire or are reused increase the exposure of a password with greater probability of being discovered or cracked.'
   desc  'rationale', ''

controls/V-93477.rb → controls/SV-205659.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93477" do
+control "SV-205659" do
   title "Windows Server 2019 maximum password age must be configured to 60 days or less."
   desc  "The longer a password is in use, the greater the opportunity for someone to gain unauthorized knowledge of the passwords. Scheduled changing of passwords hinders the ability of unauthorized system users to crack passwords and gain access to a system."
   desc  "rationale", ""

controls/V-93479.rb → controls/SV-205660.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93479" do
+control "SV-205660" do
   title "Windows Server 2019 password history must be configured to #{input('password_history_size')} passwords remembered."
   desc  "A system is more vulnerable to unauthorized access when system users recycle the same password several times without being required to change to a unique password on a regularly scheduled basis. This enables users to effectively negate the purpose of mandating periodic password changes. The default value is \"#{input('password_history_size')}\" for Windows domain systems. #{input('org_name')[:acronym]} has decided this is the appropriate value for all Windows systems."
   desc  "rationale", ""

controls/V-93461.rb → controls/SV-205661.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93461" do
+control "SV-205661" do
   title "Windows Server 2019 manually managed application account passwords must be at least #{input('minimum_password_length_manual')} characters in length."
   desc  "Application/service account passwords must be of sufficient length to prevent being easily cracked. Application/service accounts that are manually managed must have passwords at least #{input('minimum_password_length_manual')} characters in length."
   desc  "rationale", ""

controls/V-93463.rb → controls/SV-205662.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93463" do
+control "SV-205662" do
   title "Windows Server 2019 minimum password length must be configured to #{input('minimum_password_length')} characters."
   desc  "Information systems not protected with strong password schemes (including passwords of minimum length) provide the opportunity for anyone to crack the password, thus gaining access to the system and compromising the device, information, or the local network."
   desc  "rationale", ""

controls/V-92991.rb → controls/SV-205663.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92991" do
+control "SV-205663" do
   title "Windows Server 2019 local volumes must use a format that supports NTFS
 attributes."
   desc  "The ability to set access permissions and auditing is critical to

controls/V-92993.rb → controls/SV-205664.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92993" do
+control "SV-205664" do
   title "Windows Server 2019 non-administrative accounts or groups must only
 have print permissions on printer shares."
   desc  "Windows shares are a means by which files, folders, printers, and

controls/V-92995.rb → controls/SV-205665.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92995" do
+control "SV-205665" do
   title "Windows Server 2019 Access this computer from the network user right must only be assigned to the Administrators, Authenticated Users, and Enterprise Domain Controllers groups on domain controllers."
   desc  "Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities.
     Accounts with the \"Access this computer from the network\" right may access resources on the system, and this right must be limited to those requiring it."

controls/V-92997.rb → controls/SV-205666.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92997" do
+control "SV-205666" do
   title "Windows Server 2019 Allow log on through Remote Desktop Services user
 right must only be assigned to the Administrators group on domain controllers."
   desc  "Inappropriate granting of user rights can provide system,

controls/V-92999.rb → controls/SV-205667.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-92999" do
+control "SV-205667" do
   title "Windows Server 2019 Deny access to this computer from the network user
 right on domain controllers must be configured to prevent unauthenticated
 access."

controls/V-93001.rb → controls/SV-205668.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93001" do
+control "SV-205668" do
   title "Windows Server 2019 Deny log on as a batch job user right on domain
 controllers must be configured to prevent unauthenticated access."
   desc  "Inappropriate granting of user rights can provide system,

controls/V-93003.rb → controls/SV-205669.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93003" do
+control "SV-205669" do
   title "Windows Server 2019 Deny log on as a service user right must be
 configured to include no accounts or groups (blank) on domain controllers."
   desc  "Inappropriate granting of user rights can provide system,

controls/V-93005.rb → controls/SV-205670.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93005" do
+control "SV-205670" do
   title "Windows Server 2019 Deny log on locally user right on domain
 controllers must be configured to prevent unauthenticated access."
   desc  "Inappropriate granting of user rights can provide system,

controls/V-93007.rb → controls/SV-205671.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-control "V-93007" do
+control "SV-205671" do
   title "Windows Server 2019 Access this computer from the network user right
 must only be assigned to the Administrators and Authenticated Users groups on
 domain-joined member servers and standalone systems."