Checklist Details for Windows Server 2003 STIG Version 6 Release 1.33


Checklist Highlights

Checklist Name:
Windows Server 2003 STIG
Version 6 Release 1.33
Review Status:
Governmental Authority: Defense Information Systems Agency
Target Product:
Target Product | CPE Name | Product Category
Microsoft Internet Explorer | cpe:/a:microsoft:ie | Web Browser
Microsoft Windows Server 2003 | cpe:/o:microsoft:windows_2003_server | Operating System
NetMeeting | cpe:/a:microsoft:netmeeting | Desktop Application
Microsoft Windows Media Player | cpe:/a:microsoft:windows_media_player | Desktop Application
Microsoft Windows Messenger | | Desktop Application
Microsoft Windows Server 2003 Service Pack 2 | cpe:/o:microsoft:windows_2003_server::sp2 | Operating System
Microsoft Windows Server 2003 Service Pack 3 | cpe:/o:microsoft:windows_2003_server::sp3 | Operating System
Microsoft Windows Server 2003 Service Pack 1 | cpe:/o:microsoft:windows_2003_server::sp1 | Operating System
Checklist Summary:
The Windows Server 2003 Security Checklist is composed of three major sections and several appendices. The organizational breakdown proceeds as follows:
  • Section 1 - Introduction: This section contains summary information about the sections and appendices that comprise the Windows Server 2003 Security Checklist, and defines its scope. Supporting documents consulted are listed in this section.
  • Section 2 - Automated System Check Procedures: This section contains summary information for running the Gold Disk.
  • Section 3 - Manual System Check Procedures: This section documents the procedures that instruct the reviewer on how to perform an SRR manually, and to interpret the program output for vulnerabilities.
  • Appendix A - Object Permissions: This appendix documents the allowed Access Control Lists (ACLs) for file and registry objects. The tables contained in this section are referenced in Section 3.
  • Appendix B - Information Assurance Vulnerability Management (IAVM) Compliance: This appendix contains checks for IAVM compliance to be done against a Windows Server 2003 machine.
  • Appendix C - MS Group Policy Analysis Tools: This appendix provides information for the use of Microsoft tools for analyzing group policy.
  • Appendix D - Windows VMS Asset Creation and Findings Import Procedures for Reviewers and Self Assessments: This appendix documents the procedures for creating assets and importing findings into VMS 6.0.
  • Appendix E - Joint Task Force - Global Network Operations (JTF-GNO) Communications Tasking Orders (CTO) Compliance: This appendix identifies Windows specific requirements from JTF-GNO CTOs.
  • Appendix F - SRR Results Report: This section is the matrix that allows the reviewer to document vulnerabilities discovered during the SRR process. The entries in this table are mapped to the manual procedures in Section 3 and Appendix B.
Checklist Role:
  • Web Browser
  • Operating System
  • Desktop Application
Known Issues:
Not provided.
Target Audience:
This document is designed to instruct the reviewer on how to assess Windows Server 2003 configurations in Windows 2000 or Windows 2003 domains. In addition, the security settings recommended can also be used to configure Group Policy in a Windows 2000 or Windows 2003 Active Directory environment. Field Security Operations- DISA Sites are required to secure the Microsoft Windows Server 2003 operating system in accordance with DOD Directive 8500.1, Section 4.18 (and related footnote). The checks in this document were developed from DOD guidelines specified in the above reference, as well as the Windows Server 2003 security guides and security templates published by the Microsoft Corporation.
Testing Information:
Not provided.
Regulatory Compliance:
Not provided.
Product Support:
Not provided.
Point of Contact:
Not provided.
Change History:
Version 6, Release 1.33 - 25 July 2014
Version 6, Release 1.32 - 25 April 2014
Version 6, Release 1.31 - 24 January 2014
Version 6, Release 1.30 - 25 October 2013
Version 6, Release 1.29 - 24 July 2013
Version 6, Release 1.28 - 29 March 2013
Version 6, Release 1.27 - 26 October 2012
Version 6, Release 1.26 - 27 July 2012
Version 6, Release 1.25 - 27 April 2012
Version 6, Release 1.24 - 27 January 2012
Version 6, Release 1.23 - 27 October 2011
Version 6, Release 1.22 - 28 July 2011
Version 6, Release 1.21 - 29 April 2011
Version 6, Release 1.20 - 31 December 2010
Version 6, Release 1.19 - 27 August 2011
Added point of contact - 04 January 2015
NIST checklist record last modified on 01/04/2015