Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

V3R1 Redux #118

Closed
wants to merge 3 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
818 changes: 818 additions & 0 deletions Gemfile.lock

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions controls/V-92975.rb → controls/SV-205624.rb
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
# encoding: UTF-8

control 'V-92975' do
title "Windows Server 2019 must automatically remove or disable temporary user accounts after #{input('temporary_account_period')*24} hours."
desc "If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts must be set upon account creation.
control 'SV-205624' do
title "Windows Server 2019 must automatically remove or disable temporary user accounts after #{input('temporary_account_period')} hours."
desc "If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts must be set upon account creation.

Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts without the demand for immediacy in account activation.
If temporary accounts are used, the operating system must be configured to automatically terminate these types of accounts after a #{input('org_name')[:acronym]}-defined time period of #{input('temporary_account_period')*24} hours.
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92979.rb → controls/SV-205625.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92979" do
control "SV-205625" do
title "Windows Server 2019 must be configured to audit Account Management -
Security Group Management successes."
desc "Maintaining an audit trail of system activity logs can help identify
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92981.rb → controls/SV-205626.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92981" do
control "SV-205626" do
title "Windows Server 2019 must be configured to audit Account Management -
User Account Management successes."
desc "Maintaining an audit trail of system activity logs can help identify
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92983.rb → controls/SV-205627.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92983" do
control "SV-205627" do
title "Windows Server 2019 must be configured to audit Account Management -
User Account Management failures."
desc "Maintaining an audit trail of system activity logs can help identify
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92985.rb → controls/SV-205628.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control 'V-92985' do
control 'SV-205628' do
title "Windows Server 2019 must be configured to audit Account Management -
Computer Account Management successes."
desc "Maintaining an audit trail of system activity logs can help identify
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93141.rb → controls/SV-205629.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93141" do
control "SV-205629" do
title "Windows Server 2019 must have the number of allowed bad logon attempts
configured to #{input('max_pass_lockout')} or less."
desc "The account lockout feature, when enabled, prevents brute-force
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93143.rb → controls/SV-205630.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93143" do
control "SV-205630" do
title "Windows Server 2019 must have the period of time before the bad logon
counter is reset configured to #{input('pass_lock_time')} minutes or greater."
desc "The account lockout feature, when enabled, prevents brute-force
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93147.rb → controls/SV-205631.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93147" do
control "SV-205631" do
title "Windows Server 2019 required legal notice must be configured to
display before console logon."
desc "Failure to display the logon banner prior to a logon attempt will
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93149.rb → controls/SV-205632.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93149" do
control "SV-205632" do
title "Windows Server 2019 title for legal banner dialog box must be configured with the appropriate text."
desc "Failure to display the logon banner prior to a logon attempt will negate legal proceedings resulting from unauthorized access to system resources."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92961.rb → controls/SV-205633.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92961" do
control "SV-205633" do
title "Windows Server 2019 machine inactivity limit must be set to 15 minutes
or less, locking the system with the screen saver."
desc "Unattended systems are susceptible to unauthorized use and should be
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92967.rb → controls/SV-205634.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92967" do
control "SV-205634" do
title "Windows Server 2019 must be configured to audit logon successes."
desc "Maintaining an audit trail of system activity logs can help identify
configuration errors, troubleshoot service disruptions, and analyze compromises
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92969.rb → controls/SV-205635.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92969" do
control "SV-205635" do
title "Windows Server 2019 must be configured to audit logon failures."
desc "Maintaining an audit trail of system activity logs can help identify
configuration errors, troubleshoot service disruptions, and analyze compromises
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92971.rb → controls/SV-205636.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92971" do
control "SV-205636" do
title "Windows Server 2019 Remote Desktop Services must require secure Remote
Procedure Call (RPC) communications."
desc "Allowing unsecure RPC communication exposes the system to
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92973.rb → controls/SV-205637.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92973" do
control "SV-205637" do
title "Windows Server 2019 Remote Desktop Services must be configured with
the client connection encryption set to High Level."
desc "Remote connections must be encrypted to prevent interception of data
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93173.rb → controls/SV-205638.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93173" do
control "SV-205638" do
title "Windows Server 2019 command line data must be included in process
creation events."
desc "Maintaining an audit trail of system activity logs can help identify
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93175.rb → controls/SV-205639.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93175" do
control "SV-205639" do
title "Windows Server 2019 PowerShell script block logging must be enabled."
desc "Maintaining an audit trail of system activity logs can help identify
configuration errors, troubleshoot service disruptions, and analyze compromises
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93189.rb → controls/SV-205640.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93189" do
control "SV-205640" do
title "Windows Server 2019 permissions for the Application event log must
prevent access by non-privileged accounts."
desc "Maintaining an audit trail of system activity logs can help identify
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93191.rb → controls/SV-205641.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93191" do
control "SV-205641" do
title "Windows Server 2019 permissions for the Security event log must
prevent access by non-privileged accounts."
desc "Maintaining an audit trail of system activity logs can help identify
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93193.rb → controls/SV-205642.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93193" do
control "SV-205642" do
title "Windows Server 2019 permissions for the System event log must prevent
access by non-privileged accounts."
desc "Maintaining an audit trail of system activity logs can help identify
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93197.rb → controls/SV-205643.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93197" do
control "SV-205643" do
title "Windows Server 2019 Manage auditing and security log user right must
only be assigned to the Administrators group."
desc "Inappropriate granting of user rights can provide system,
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93151.rb → controls/SV-205644.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93151" do
control "SV-205644" do
title "Windows Server 2019 must force audit policy subcategory settings to
override audit policy category settings."
desc "Maintaining an audit trail of system activity logs can help identify
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93481.rb → controls/SV-205645.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93481" do
control "SV-205645" do
title "Windows Server 2019 domain controllers must have a PKI server certificate."
desc "Domain controllers are part of the chain of trust for PKI authentications. Without the appropriate certificate, the authenticity of the domain controller cannot be verified. Domain controllers must have a server certificate to establish authenticity as part of PKI authentications in the domain."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93483.rb → controls/SV-205646.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93483" do
control "SV-205646" do
title "Windows Server 2019 domain Controller PKI certificates must be issued by the #{input('org_name')[:acronym]} PKI or an approved External Certificate Authority (ECA)."
desc "A PKI implementation depends on the practices established by the Certificate Authority (CA) to ensure the implementation is secure. Without proper practices, the certificates issued by a CA have limited value in authentication functions. The use of multiple CAs from separate PKI implementations results in interoperability issues. If servers and clients do not have a common set of root CA certificates, they are not able to authenticate each other."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93485.rb → controls/SV-205647.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93485" do
control "SV-205647" do
title "Windows Server 2019 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA)."
desc "A PKI implementation depends on the practices established by the Certificate Authority (CA) to ensure the implementation is secure. Without proper practices, the certificates issued by a CA have limited value in authentication functions."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93487.rb → controls/SV-205648.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93487" do
control "SV-205648" do
title "Windows Server 2019 must have the #{input('org_name')[:acronym]} Root Certificate Authority (CA) certificates installed in the Trusted Root Store."
desc "To ensure secure #{input('org_name')[:acronym]} websites and #{input('org_name')[:acronym]}-signed code are properly validated, the system must trust the #{input('org_name')[:acronym]} Root CAs. The #{input('org_name')[:acronym]} root certificates will ensure that the trust chain is established for server certificates issued from the #{input('org_name')[:acronym]} CAs."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93489.rb → controls/SV-205649.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93489" do
control "SV-205649" do
title "Windows Server 2019 must have the #{input('org_name')[:acronym]} Interoperability Root Certificate Authority (CA) cross-certificates installed in the Untrusted Certificates Store on unclassified systems."
desc "To ensure users do not experience denial of service when performing certificate-based authentication to #{input('org_name')[:acronym]} websites due to the system chaining to a root other than #{input('org_name')[:acronym]} Root CAs, the #{input('org_name')[:acronym]} Interoperability Root CA cross-certificates must be installed in the Untrusted Certificate Store. This requirement only applies to unclassified systems."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93491.rb → controls/SV-205650.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93491" do
control "SV-205650" do
title "Windows Server 2019 must have the US #{input('org_name')[:acronym]} CCEB Interoperability Root CA cross-certificates in the Untrusted Certificates Store on unclassified systems."
desc "To ensure users do not experience denial of service when performing certificate-based authentication to #{input('org_name')[:acronym]} websites due to the system chaining to a root other than #{input('org_name')[:acronym]} Root CAs, the US #{input('org_name')[:acronym]} CCEB Interoperability Root CA cross-certificates must be installed in the Untrusted Certificate Store. This requirement only applies to unclassified systems."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93493.rb → controls/SV-205651.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93493" do
control "SV-205651" do
title "Windows Server 2019 users must be required to enter a password to access private keys stored on the computer."
desc "If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure.
The cornerstone of the PKI is the private key used to encrypt or digitally sign information.
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93459.rb → controls/SV-205652.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93459" do
control "SV-205652" do
title "Windows Server 2019 must have the built-in Windows password complexity policy enabled."
desc "The use of complex passwords increases their strength against attack. The built-in Windows password complexity policy requires passwords to contain at least three of the four types of characters (numbers, uppercase and lowercase letters, and special characters) and prevents the inclusion of user names or parts of user names."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93465.rb → controls/SV-205653.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93465" do
control "SV-205653" do
title "Windows Server 2019 reversible password encryption must be disabled."
desc "Storing passwords using reversible encryption is essentially the same as storing clear-text versions of the passwords, which are easily compromised. For this reason, this policy must never be enabled."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93467.rb → controls/SV-205654.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93467" do
control "SV-205654" do
title "Windows Server 2019 must be configured to prevent the storage of the LAN Manager hash of passwords."
desc "The LAN Manager hash uses a weak encryption algorithm and there are several tools available that use this hash to retrieve account passwords. This setting controls whether a LAN Manager hash of the password is stored in the SAM the next time the password is changed."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93469.rb → controls/SV-205655.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93469" do
control "SV-205655" do
title "Windows Server 2019 unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers."
desc "Some non-Microsoft SMB servers only support unencrypted (plain-text) password authentication. Sending plain-text passwords across the network when authenticating to an SMB server reduces the overall security of the environment. Check with the vendor of the SMB server to determine if there is a way to support encrypted password authentication."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93471.rb → controls/SV-205656.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93471" do
control "SV-205656" do
title "Windows Server 2019 minimum password age must be configured to at least one day."
desc "Permitting passwords to be changed in immediate succession within the same day allows users to cycle passwords through their history database. This enables users to effectively negate the purpose of mandating periodic password changes."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93473.rb → controls/SV-205657.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93473" do
control "SV-205657" do
title "Windows Server 2019 passwords for the built-in Administrator account must be changed at least every 60 days."
desc "The longer a password is in use, the greater the opportunity for someone to gain unauthorized knowledge of the password. The built-in Administrator account is not generally used and its password not may be changed as frequently as necessary. Changing the password for the built-in Administrator account on a regular basis will limit its exposure.
Organizations that use an automated tool, such Microsoft's Local Administrator Password Solution (LAPS), on domain-joined systems can configure this to occur more frequently. LAPS will change the password every \"30\" days by default."
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93475.rb → controls/SV-205658.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control 'V-93475' do
control 'SV-205658' do
title 'Windows Server 2019 passwords must be configured to expire.'
desc 'Passwords that do not expire or are reused increase the exposure of a password with greater probability of being discovered or cracked.'
desc 'rationale', ''
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93477.rb → controls/SV-205659.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93477" do
control "SV-205659" do
title "Windows Server 2019 maximum password age must be configured to 60 days or less."
desc "The longer a password is in use, the greater the opportunity for someone to gain unauthorized knowledge of the passwords. Scheduled changing of passwords hinders the ability of unauthorized system users to crack passwords and gain access to a system."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93479.rb → controls/SV-205660.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93479" do
control "SV-205660" do
title "Windows Server 2019 password history must be configured to #{input('password_history_size')} passwords remembered."
desc "A system is more vulnerable to unauthorized access when system users recycle the same password several times without being required to change to a unique password on a regularly scheduled basis. This enables users to effectively negate the purpose of mandating periodic password changes. The default value is \"#{input('password_history_size')}\" for Windows domain systems. #{input('org_name')[:acronym]} has decided this is the appropriate value for all Windows systems."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93461.rb → controls/SV-205661.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93461" do
control "SV-205661" do
title "Windows Server 2019 manually managed application account passwords must be at least #{input('minimum_password_length_manual')} characters in length."
desc "Application/service account passwords must be of sufficient length to prevent being easily cracked. Application/service accounts that are manually managed must have passwords at least #{input('minimum_password_length_manual')} characters in length."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93463.rb → controls/SV-205662.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93463" do
control "SV-205662" do
title "Windows Server 2019 minimum password length must be configured to #{input('minimum_password_length')} characters."
desc "Information systems not protected with strong password schemes (including passwords of minimum length) provide the opportunity for anyone to crack the password, thus gaining access to the system and compromising the device, information, or the local network."
desc "rationale", ""
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92991.rb → controls/SV-205663.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92991" do
control "SV-205663" do
title "Windows Server 2019 local volumes must use a format that supports NTFS
attributes."
desc "The ability to set access permissions and auditing is critical to
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92993.rb → controls/SV-205664.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92993" do
control "SV-205664" do
title "Windows Server 2019 non-administrative accounts or groups must only
have print permissions on printer shares."
desc "Windows shares are a means by which files, folders, printers, and
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92995.rb → controls/SV-205665.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92995" do
control "SV-205665" do
title "Windows Server 2019 Access this computer from the network user right must only be assigned to the Administrators, Authenticated Users, and Enterprise Domain Controllers groups on domain controllers."
desc "Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities.
Accounts with the \"Access this computer from the network\" right may access resources on the system, and this right must be limited to those requiring it."
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92997.rb → controls/SV-205666.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92997" do
control "SV-205666" do
title "Windows Server 2019 Allow log on through Remote Desktop Services user
right must only be assigned to the Administrators group on domain controllers."
desc "Inappropriate granting of user rights can provide system,
Expand Down
2 changes: 1 addition & 1 deletion controls/V-92999.rb → controls/SV-205667.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-92999" do
control "SV-205667" do
title "Windows Server 2019 Deny access to this computer from the network user
right on domain controllers must be configured to prevent unauthenticated
access."
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93001.rb → controls/SV-205668.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93001" do
control "SV-205668" do
title "Windows Server 2019 Deny log on as a batch job user right on domain
controllers must be configured to prevent unauthenticated access."
desc "Inappropriate granting of user rights can provide system,
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93003.rb → controls/SV-205669.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93003" do
control "SV-205669" do
title "Windows Server 2019 Deny log on as a service user right must be
configured to include no accounts or groups (blank) on domain controllers."
desc "Inappropriate granting of user rights can provide system,
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93005.rb → controls/SV-205670.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93005" do
control "SV-205670" do
title "Windows Server 2019 Deny log on locally user right on domain
controllers must be configured to prevent unauthenticated access."
desc "Inappropriate granting of user rights can provide system,
Expand Down
2 changes: 1 addition & 1 deletion controls/V-93007.rb → controls/SV-205671.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# encoding: UTF-8

control "V-93007" do
control "SV-205671" do
title "Windows Server 2019 Access this computer from the network user right
must only be assigned to the Administrators and Authenticated Users groups on
domain-joined member servers and standalone systems."
Expand Down
Loading
Loading