- WN12-00-000007 - Windows 2012/2012 R2 password for the built-in Administrator account must be changed at least annually or when a member of the administrative team leaves the organization.
- WN12-00-000011 - Windows 2012/2012 R2 manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.
- WN12-00-000017 - System-related documentation must be backed up in accordance with local recovery time and recovery point objectives.
- WN12-00-000018 - The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
- WN12-00-000019 - Protection methods such as TLS, encrypted VPNs, or IPSEC must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
- WN12-00-000020 - Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
- WN12-00-000170 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.
- WN12-00-000180 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client - LanManWorkstation
- WN12-00-000180 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client - mrxsmb10
- WN12-00-000180 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client - mrxsmb10
- WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Enabled
- WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Patch
- WN12-AC-000001 - Windows 2012 account lockout duration must be configured to 15 minutes or greater.
- WN12-AC-000002 - The number of allowed bad logon attempts must meet minimum requirements.
- WN12-AC-000005 - The maximum password age must meet requirements.
- WN12-AC-000006 - The minimum password age must meet requirements.
- WN12-AC-000007 - Passwords must, at a minimum, be 14 characters.
- WN12-AC-000008 - The built-in Windows password complexity policy must be enabled.
- WN12-AC-000009 - Reversible password encryption must be disabled.
- WN12-AU-000001 - The system must be configured to audit Account Logon - Credential Validation successes.
- WN12-AU-000002 - The system must be configured to audit Account Logon - Credential Validation failures.
