[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:gov.nist.usgcb.xp:def:30
Audit Directory Service Access

oval:gov.nist.usgcb.xp:def:32
Audit logon events

oval:gov.nist.usgcb.xp:def:35
Audit policy changes

oval:gov.nist.usgcb.xp:def:34
Audit object access

oval:gov.nist.usgcb.xp:def:37
Audit system events

oval:gov.nist.usgcb.xp:def:36
Audit privilege use

oval:org.secpod.oval:def:15290
The 'Enable User to Use Media Source While Elevated' policy should be set correctly.

oval:gov.nist.USGCB.xpfirewall:def:51041
Many organizations take advantage of remote computer administration in their daily operations. However, some attacks have exploited the ports typically used by remote administration programs; Windows Firewall can block these ports. To provide flexibility for remote administration, the Windows Firewa ...

oval:gov.nist.usgcb.xp:def:169
Administrators may change the system time

oval:gov.nist.usgcb.xp:def:22
Passwords must be stored using reversible encryption for all users in the domain

oval:gov.nist.usgcb.xp:def:21
Passwords must meet complexity requirements

oval:gov.nist.usgcb.xp:def:24
Account lockout threshold is the profile defined number of invalid logon attempts

oval:gov.nist.usgcb.xp:def:23
This definition verifies that locked accounts remains locked for the defined number of minutes before they are automatically unlocked.

oval:gov.nist.usgcb.xp:def:26
Reset account lockout counters after the profile defined number of minutes

oval:gov.nist.usgcb.xp:def:27
Audit account logon events

oval:gov.nist.usgcb.xp:def:29
Audit account management

oval:org.secpod.oval:def:15266
CD-ROM Autorun should be properly configured.

oval:org.secpod.oval:def:7970
Anti-virus is installed and up-to-date

oval:org.secpod.oval:def:15381
The 'Windows Firewall: Define program exceptions' policy should be configured correctly for the Domain Profile.

oval:org.secpod.oval:def:15142
The permitted number of TCP/IP Maximum Half-open Sockets should be set correctly .

oval:gov.nist.usgcb.xp:def:100205
do not process the run once list

oval:org.secpod.oval:def:15140
Disable saving of dial-up passwords should be properly configured.

oval:gov.nist.usgcb.xp:def:198
This definition tests the maximum allowed size of the security log is at least as big as the supplied value.

oval:gov.nist.usgcb.xp:def:100208
configure automatic updates

oval:gov.nist.usgcb.xp:def:197
This definition tests the maximum allowed size of the application log is at least as big as the supplied value.

oval:gov.nist.usgcb.xp:def:199
This definition tests the maximum allowed size of the system log is at least as big as the supplied value.

oval:gov.nist.usgcb.xp:def:17
Maximum password age is the profile defined number of days

oval:gov.nist.usgcb.xp:def:16
Password history enforcement is enabled and the profile defined number of passwords are remembered

oval:gov.nist.usgcb.xp:def:19
Minimum password length is the profile defined number of characters

oval:gov.nist.usgcb.xp:def:18
Minimum password age is the profile defined number of days

oval:org.secpod.oval:def:15277
The 'Terminate session when time limits are reached' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15270
Auditing of 'process tracking' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15274
The 'Always Prompt Client for Password upon Connection' policy should be set correctly for Terminal Services.

oval:gov.nist.usgcb.xp:def:6725
This policy setting allows you to specify the maximum amount of time that an active Terminal Services session can be idle (without user input) before it is automatically disconnected. (15 min)

oval:gov.nist.usgcb.xp:def:181
LOCAL SERVICE and NETWORK SERVICE may generate security audits

oval:gov.nist.usgcb.xp:def:6726
You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Terminal Services allows users to disconnect from a remote session without logging off and ending the session. (1 min)

oval:org.secpod.oval:def:7715
The Screen Saver Executable Name setting should be configured correctly for the current user.

oval:org.secpod.oval:def:7716
The "Screen Saver Timeout" setting should be configured correctly for the default user.

oval:org.secpod.oval:def:7717
The settings of screen saver should be enabled or disabled as appropriate for the current user.

oval:gov.nist.usgcb.xp:def:6714
Prompt for password on resume from hibernate / suspend

oval:gov.nist.usgcb.xp:def:6708
Screen Saver timeout

oval:org.secpod.oval:def:15096
The 'restrict guest access to application log' policy should be set correctly.

oval:gov.nist.usgcb.xp:def:6027
Audit: Shut down system immediately if unable to log security audits

oval:gov.nist.usgcb.xp:def:6707
Password protect the screen saver

oval:org.secpod.oval:def:15188
Membership in the Backup Operators group should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:15180
The 'Anonymous access to the security event log' policy should be set correctly.

oval:org.secpod.oval:def:15186
The required auditing for %SystemDrive% directory should be enabled.

oval:org.secpod.oval:def:15193
The 'Log Successful Connections' option for the Windows Firewall should be configured correctly for the Standard Profile.

oval:org.secpod.oval:def:15072
The required auditing for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be enabled.

oval:org.secpod.oval:def:15197
the 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Polices' setting should be configured correctly.

oval:gov.nist.usgcb.xp:def:6121
Permits users to change installation options that typically are available only to system administrators. This setting bypasses some of the security features of Windows Installer.

oval:gov.nist.usgcb.xp:def:6122
This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.

oval:org.secpod.oval:def:15323
The permitted number of TCP/IP Maximum Retried Half-open Sockets should be set correctly .

oval:org.secpod.oval:def:15324
The 'Prevent Codec Download' policy should be set correctly for Windows MediaPlayer.

oval:org.secpod.oval:def:15325
The 'Anonymous access to the application event log' policy should be set correctly.

oval:gov.nist.USGCB.xpfirewall:def:5111
The Windows Firewall: Prohibit unicast response to multicast or broadcast requests setting prevents a computer from receiving unicast responses to its outgoing multicast or broadcast messages. When this policy setting is enabled and the computer sends multicast or broadcast messages to other compute ...

oval:gov.nist.usgcb.xp:def:6596
Do not allow passwords to be saved

oval:gov.nist.usgcb.xp:def:6595
Disable remote Desktop Sharing

oval:org.secpod.oval:def:15318
Always Wait for the Network at Computer Startup and Logon should be properly configured.

oval:gov.nist.usgcb.xp:def:205
Retention method for system log

oval:org.secpod.oval:def:15330
Membership in the Remote Desktop Users group should be assigned to the appropriate accounts.

oval:gov.nist.USGCB.xpfirewall:def:5100
The Windows Firewall: Protect all network connections setting turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP SP2. This appendix recommends configuring this setting to Enabled to protect all network connections for computers in all ...

oval:gov.nist.usgcb.xp:def:204
Retention method for security log

oval:gov.nist.USGCB.xpfirewall:def:5101
The Windows Firewall: Do not allow exceptions setting specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages. If you enable this policy setting in the Windows Firewall component of Co ...

oval:gov.nist.usgcb.xp:def:203
This definition tests the retention method for the application log. Possible methods are - overwrite as necessary, do not overwrite, or overwrite events older than X seconds.

oval:gov.nist.USGCB.xpfirewall:def:5107
Many organizations use Remote Desktop connections in their normal troubleshooting procedures or operations. However, some attacks have occurred that exploited the ports typically used by Remote Desktop. To provide flexibility for remote administration, the Windows Firewall: Allow Remote Desktop exce ...

oval:org.secpod.oval:def:15328
The 'Limit Number of Connections' policy should be set correctly for Terminal Services.

oval:gov.nist.USGCB.xpfirewall:def:5109
Windows Firewall can display notifications to users when a program requests that Windows Firewall add the program to the program exceptions list. This situation occurs when programs attempt to open a port and are not allowed to do so based on current Windows Firewall rules. The Windows Firewall: Pro ...

oval:org.secpod.oval:def:15305
The log file size limit for the Windows Firewall should be configured correctly for the Standard Profile.

oval:gov.nist.usgcb.xp:def:110
MSS: (AutoAdminLogon) Enable Automatic Logon disabled

oval:gov.nist.usgcb.xp:def:115
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds

oval:org.secpod.oval:def:15310
Dr. Watson Crash Dumps should be properly configured.

oval:gov.nist.usgcb.xp:def:6563
Offer Remote Assistance

oval:gov.nist.usgcb.xp:def:83
Microsoft network server: Amount of idle time required before suspending session

oval:gov.nist.usgcb.xp:def:6565
Restrictions for Unauthenticated RPC clients

oval:gov.nist.usgcb.xp:def:105
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

oval:gov.nist.usgcb.xp:def:6566
RPC Endpoint Mapper Client Authentication

oval:org.secpod.oval:def:15124
The 'restrict guest access to system log' policy should be set correctly.

oval:org.secpod.oval:def:15126
The 'Limit Users to One Remote Session' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15362
The 'Prevent IIS Installation' setting should be configured correctly.

oval:gov.nist.usgcb.xp:def:71
Set message title for users attempting to log on

oval:gov.nist.usgcb.xp:def:70
Set message text for users attempting to log on

oval:gov.nist.usgcb.xp:def:74
Prompt user to change password before expiration

oval:gov.nist.USGCB.xpfirewall:def:6008
The Windows Firewall port exceptions list should be defined by Group Policy, which allows you to centrally manage and deploy your port exceptions and ensure that local administrators do not create less secure settings. The Windows Firewall: Define port exceptions policy setting allows you to central ...

oval:org.secpod.oval:def:15377
Processing of the legacy run list on logon should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15135
Automatic Reboot After System Crash should be properly configured.

oval:org.secpod.oval:def:15378
The 'CD Burning features in Windows Explorer' should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15257
The 'Anonymous access to the system event log' policy should be set correctly.

oval:org.secpod.oval:def:15379
The 'Windows Firewall: Apply local firewall rules' policy should be configured correctly for the Domain profile.

oval:org.secpod.oval:def:15373
The 'Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)' policy should be set correctly.

oval:org.secpod.oval:def:15374
The 'Windows Firewall: Inbound connections' policy should be configured correctly for the Domain Profile.

oval:org.secpod.oval:def:15372
The 'Windows Firewall: Outbound connections' policy should be configured correctly for the Domain profile.

oval:org.secpod.oval:def:15251
Membership in the Power Users group should be assigned to the appropriate accounts.

oval:gov.nist.usgcb.xp:def:60
Warn for unsigned driver installation

oval:gov.nist.usgcb.xp:def:62
Digitally encrypt secure channel data (when possible)

oval:gov.nist.usgcb.xp:def:123
MSS (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires

oval:gov.nist.usgcb.xp:def:61
Digitally encrypt or sign secure channel data (always)

oval:gov.nist.usgcb.xp:def:243
This definition verifies that the Guest account is enabled/disabled based on the policy defined by the user.

oval:gov.nist.usgcb.xp:def:63
Digitally sign secure channel data (when possible)

oval:gov.nist.usgcb.xp:def:66
Require strong (Windows 2000 or later) session key

oval:gov.nist.usgcb.xp:def:65
Maximum machine account password age is profile defined number of days

oval:org.secpod.oval:def:15343
Domain Profile: Do not allow exceptions (SP2 only)

oval:org.secpod.oval:def:15228
The 'restrict guest access to security log' policy should be set correctly.

oval:org.secpod.oval:def:15340
The log file path and name for the Windows Firewall should be configured correctly for the Standard Profile.

oval:gov.nist.USGCB.xpfirewall:def:5011
The Windows Firewall: Prohibit unicast response to multicast or broadcast requests setting prevents a computer from receiving unicast responses to its outgoing multicast or broadcast messages. When this policy setting is enabled and the computer sends multicast or broadcast messages to other compute ...

oval:gov.nist.USGCB.xpfirewall:def:5016
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...

oval:gov.nist.USGCB.xpfirewall:def:5015
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...

oval:gov.nist.USGCB.xpfirewall:def:5014
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...

oval:gov.nist.USGCB.xpfirewall:def:5013
The Windows Firewall: Allow local port exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall can use two port exceptions lists; the other is defined by the Windows Firewall: Define port exceptions poli ...

oval:gov.nist.USGCB.xpfirewall:def:5017
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...

oval:org.secpod.oval:def:15234
The 'Remote Control Settings' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15117
The 'Enable User to Patch Elevated Products' policy should be set correctly.

oval:org.secpod.oval:def:15239
Auditing of 'process tracking' events on success should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15357
The TCP/IP NetBIOS Helper service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15358
The 'Log Dropped Packets' option for the Windows Firewall should be configured correctly for the Standard Profile.

oval:org.secpod.oval:def:15230
The required auditing for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be enabled.

oval:org.secpod.oval:def:15352
Standard Profile: Define port exceptions (SP2 only)

oval:gov.nist.USGCB.xpfirewall:def:5000
The Windows Firewall: Protect all network connections setting turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP SP2. This appendix recommends configuring this setting to Enabled to protect all network connections for computers in all ...

oval:gov.nist.USGCB.xpfirewall:def:5005
This setting allows file and printer sharing by configuring Windows Firewall to open UDP ports 137 and 138 and TCP ports 139 and 445. If you enable this policy setting, Windows Firewall opens these ports so that the computer can receive print jobs and requests for access to shared files. You must sp ...

oval:gov.nist.USGCB.xpfirewall:def:5004
Many organizations take advantage of remote computer administration in their daily operations. However, some attacks have exploited the ports typically used by remote administration programs; Windows Firewall can block these ports. To provide flexibility for remote administration, the Windows Firewa ...

oval:gov.nist.USGCB.xpfirewall:def:5003
The Windows Firewall: Allow local program exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Disabling this policy setting does not allow administrators to define a local program exceptions list, and ensures that ...

oval:gov.nist.USGCB.xpfirewall:def:5009
Windows Firewall can display notifications to users when a program requests that Windows Firewall add the program to the program exceptions list. This situation occurs when programs attempt to open a port and are not allowed to do so based on current Windows Firewall rules. The Windows Firewall: Pro ...

oval:gov.nist.USGCB.xpfirewall:def:5008
The Windows Firewall: Allow UPnP framework exception setting allows a computer to receive unsolicited Plug and Play messages sent by network devices, such as routers with built-in firewalls. To receive these messages, Windows Firewall opens TCP port 2869 and UDP port 1900. If you enable this policy ...

oval:gov.nist.USGCB.xpfirewall:def:5007
Many organizations use Remote Desktop connections in their normal troubleshooting procedures or operations. However, some attacks have occurred that exploited the ports typically used by Remote Desktop. To provide flexibility for remote administration, the Windows Firewall: Allow Remote Desktop exce ...

oval:gov.nist.USGCB.xpfirewall:def:5006
The Windows Firewall: Allow ICMP exceptions setting defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you set this pol ...

oval:org.secpod.oval:def:5645
Verify that all users are assigned a unique ID for access to system components or cardholder data and also verify that users are authenticated using unique ID and additional authentication (for example, a password) for access to the cardholder data environment.

oval:org.secpod.oval:def:5646
Verify that inactive accounts over 90 days old are either removed or disabled.

CPE    1
cpe:/o:microsoft:windows_xp
CCE    126
CCE-3055-1
CCE-2906-6
CCE-4390-1
CCE-3176-5
...
*XCCDF
xccdf_org.secpod_benchmark_Windows_XP

© 2013 SecPod Technologies