| | DisplayName | Description | ID | Type |
|---|
 | Intellectual Property Classification | Use the WS2008R2SP1 File Server FCI 1.0 baseline to configure the file servers in scope to support the data classification of files containing intellectual property (IP) using the File Classification Infrastructure (FCI) feature in Windows Server 2008 R2. | ID_01d4c8b6_ccb5_4fad_b1ab_50fbab7794a5 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Network Protection | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure anti-spoofing network settings within the operating system. | ID_03bcd8af_665b_4502_b205_0b5beaa5a995 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Configure Authorized Protocols | This control activity guides the IT professional through configuration of the local operating system protocol settings. | ID_081c1360_4c15_4499_916d_ac38090b9f99 | System.Compliance.ManualControlActivityProjection |
| Password Attributes | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure account password parameters to address password format, visibility, and lifespan to reduce the chance of brute-force or shoulder-surfing compromises. | ID_12cc5c96_00dc_4ea7_906e_f8d9deea281f | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Proceduralize Event Consolidation, Correlation, and Recreation through Logs | Consolidate, correlate, and recreate events using the Windows Event Log. | ID_139ef24d_c049_44df_b603_844e263af265 | System.Compliance.ManualControlActivityProjection |
| Network Protection | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure anti-spoofing network settings within the operating system. | ID_14f448c6_6452_4277_a10b_36b6f93d4be1 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Configure Local Firewall Parameters | This control activity guides the IT professional through configuration of the local operating system firewall. | ID_169133b3_e2d8_4a23_b306_490e71bd7051 | System.Compliance.ManualControlActivityProjection |
| Proceduralize the Configuration of System Security Parameters | Maintain a procedure by which operating system kernel security, system virtual memory clearing, and stack protection is managed. | ID_17b61d57_d402_4b85_b65e_383771644aa8 | System.Compliance.ManualControlActivityProjection |
| Log Access Limitation | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure roles and rights management so that only authorized accounts can access operating system logs to prevent information disclosure or changing the log contents. | ID_19e9c4ac_dfdf_442f_a5d6_eafdc2d44649 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Logging Configuration | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure the Event Log service to ensure availability and transactional integrity to ensure that all transactions are able to log any errors. | ID_1d7fb2fc_af67_4b75_8bee_a45423a8665b | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Encryption Configuration | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure algorithms and their use within the operating system to protect data at rest and in transit. | ID_20d07c22_bc19_40e1_95ee_a909879d2fd7 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| System Defaults | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure default accounts and authentication values to nondefault accounts and values to prevent unauthorized access with commonly known credentials. | ID_30d2cb99_e767_42c0_adcf_3d278b77a0da | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Confidential File Classification | Use the WS2008R2SP1 File Server FCI 1.0 baseline to configure the file servers in scope to support the data classification of files containing confidential information using the File Classification Infrastructure (FCI) feature in Windows Server 2008 R2. | ID_324c4c47_149a_45bd_bd77_c0b7585f516d | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Proceduralize Remote Access Connectivity Management | Maintain a procedure to facilitate authorized remote access connectivity and to prevent unapproved remote access methods. | ID_327bf33a_d253_4582_9f90_5eba0ce09d92 | System.Compliance.ManualControlActivityProjection |
| Password Attributes | Use the WS2008R2SP1 Domain Security Compliance 1.0 baseline to configure account password parameters to address password format, visibility, and lifespan, to reduce the chance of brute-force or shoulder-surfing compromises. | ID_32fff182_b70d_4937_b9af_5b19e4ec4350 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Proceduralize Log Service Availability Management | Maintain a procedure by which log service failure is detected and remediated within a specified timeframe or in accordance with a service level agreement. | ID_33c15c17_0197_41fe_8a22_48ccdf821965 | System.Compliance.ManualControlActivityProjection |
| Proceduralize the Restriction of Access to Logs | Maintain a procedure to ensure that access to system logs is restricted to authorized personnel. | ID_391a783c_d7e8_4d67_9342_be5bd0882eec | System.Compliance.ManualControlActivityProjection |
| System Services | Use the WS2008R2SP1 Remote Desktop Services Security Compliance 1.0 baseline to configure the Remote Desktop role through system services to ensure that only authorized services are enabled. | ID_39a74857_16db_4e50_abfe_2a8ed5306188 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| File Retention Classification | Use the WS2008R2SP1 File Server FCI 1.0 baseline to configure the file servers in scope to move files with expired retention dates using the File Classification Infrastructure (FCI) feature in Windows Server 2008 R2. | ID_3b9904aa_79fb_4159_bfa9_2ff9610a4061 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| File Impact Level Classification | Use the WS2008R2SP1 File Server FCI 1.0 baseline to configure the file servers in scope to support the data classification of files according to the degree of impact on the organization if they are lost or accessed by unauthorized parties using the File Classification Infrastructure (FCI) feature in Windows Server 2008 R2. | ID_3f75cc2b_0558_4caf_bb8e_89b988cc2976 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Event Logging | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure the Event Log service to ensure that events relevant to compliance are recorded so that they may be used to investigate compliance violations. | ID_40ceb513_6ac2_421c_a0d4_aebf984bf706 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Proceduralize the Preservation of Original Log Files | Maintain a logging function of assets that creates reference copies of log files to support investigations without affecting original log files. | ID_460dfe54_f0fb_43f1_90d0_789d94b70d7b | System.Compliance.ManualControlActivityProjection |
| System Services | Use the WS2008R2SP1 File Server Security Compliance 1.0 to configure the File Server role through system services to ensure that only authorized services are enabled. | ID_4dffe477_a05d_4f49_ab79_6290455cc880 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Log Meaningful Events | This control activity guides the IT professional through configuration of the Event Log service to ensure that events that are relevant to compliance are recorded. Such events include the creation/modification/deletion of files, directories, and user accounts. | ID_5151d52d_25d7_4e15_a500_c9c3451fcca4 | System.Compliance.ManualControlActivityProjection |
| Identity Management | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure accounts to prevent the use of duplicate identities, in order to allow the organization to determine which individual is associated with a specific action performed by an account. | ID_529de798_1595_4725_b532_700d78557a37 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| PHI Classification | Use the WS2008R2SP1 File Server FCI 1.0 baseline to configure the file servers in scope to support the data classification of files containing protected health information (PHI) using the File Classification Infrastructure (FCI) feature in Windows Server 2008 R2. | ID_53549db3_0f63_446d_9a12_a4ad0ce4c6dc | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| System Services | Use the WS2008R2SP1 Network Access Services Server Security Compliance 1.0 baseline to configure the Network Access Services Server role through system services to ensure that only authorized services are enabled. | ID_56f93395_a4f9_4553_bfb5_b6b00e10644b | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Identity Management | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure accounts to prevent the use of duplicate identities, in order to allow the organization to determine which individual is associated with a specific action performed by an account. | ID_59764c34_7ff9_46c0_8ec3_85844e1cd329 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| System Services | Use the WS2008R2SP1 AD Certificate Services Server Security Compliance 1.0 baseline to configure the Active Directory Certificate Services (AD CS) role through system services to ensure that only authorized services are enabled. | ID_6cdb20fd_7eb2_48ae_a553_ae66ee801a86 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Key Management | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure encryption key use and storage within the operating system to prevent unauthorized access. | ID_709b49bc_e5c1_41d5_8549_c253d775c1b1 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Password Attributes | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure account password parameters to address password format, visibility, and lifespan to reduce the chance of brute-force or shoulder-surfing compromises. | ID_710132b8_5d35_45e9_bc2c_6b6115e8998e | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Session Configuration | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure session parameters to ensure disconnection and resumption occur in a controlled manner to reduce the chances of a compromised session. | ID_747fe1c3_b2ed_462c_80f3_0e2fe46de0d7 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Key Management | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure encryption key use and storage within the operating system to prevent unauthorized access. | ID_7587f0ed_9b04_492d_bab0_94517dc3ae0d | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Least Functionality | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure operating system features and functionality, to only those necessary and authorized by the organization, to narrow the operating system's attack surface. | ID_766c651c_d38d_4bb7_9fb8_214744eea627 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Account Lock | Use the WS2008R2SP1 Domain Security Compliance 1.0 baseline to configure user authentication to lock accounts after unsuccessful logon attempts in order to reduce the chance of brute-force attacks. | ID_76ffe64d_4236_4450_93d3_bf0839283090 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| System Services | Use the WS2008R2SP1 Hyper-V Security Compliance 1.0 baseline to configure the Hyper-V role through system services to ensure that only authorized services are enabled. | ID_778b8a2b_656b_4ad1_97f8_f45f28e37439 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Proceduralize the Monitoring of Access to Sensitive Data | Maintain a procedure to monitor access to sensitive data as defined by the organization's data classification or equivalent policy. | ID_786a34c1_6e6f_4fed_9eb7_f6b242fac17b | System.Compliance.ManualControlActivityProjection |
| Protocol Configuration | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure the local operating system protocol settings to ensure only authorized protocols are used and that their attack profiles are minimized. | ID_7b3f9294_576c_4c8b_98b8_78b1f360cfef | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| System Services | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure the Domain Controller role through system services to ensure that only authorized services are enabled. | ID_8596b30c_4899_46d5_9001_3330fe2a5665 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Name Resolution | Maintain a procedure by which domain name service is configured to an authorized source, limited to authorized zone transfer recipients, and configured for redundancy. | ID_86657a03_8eb4_4c54_b200_0f13703f005d | System.Compliance.ManualControlActivityProjection |
| Least Functionality | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure operating system features and functionality to only those necessary and authorized by the organization, in order to narrow the operating system's attack surface. | ID_887c1df6_2d22_437b_ae24_7fae9dc74e05 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Proceduralize Capacity and Availability Monitoring | Monitor assets for capacity and availability thresholds, alert when thresholds are exceeded, and respond to alerts as required by your organization’s incident management process. | ID_8d7e3bf6_21cc_407c_8c0d_9a7ad7d9857a | System.Compliance.ManualControlActivityProjection |
| Least Privilege | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure roles and rights management to reduce available actions to only those authorized by the organization. | ID_8e558081_620a_486c_9755_60e2392ac2c2 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| System Services | Use the WS2008R2SP1 Web Server Security Compliance 1.0 baseline to configure the Web Server role through system services to ensure that only authorized services are enabled. | ID_96ce4315_da67_4d3c_becd_bf31571ab4f4 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| System Services | Use the WS2008R2SP1 DNS Server Security Compliance 1.0 baseline to configure the DNS role through system services to ensure that only authorized services are enabled. | ID_992262c1_8fc0_464e_a24c_f28cee4a3d09 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Authentication Types | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure two-factor authentication to prevent unauthorized access if an account ID and password is compromised. | ID_9e8a53af_f6ff_46bb_a01b_73138ec96683 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| System Defaults | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure default accounts and authentication values to nondefault accounts and values to prevent unauthorized access with commonly known credentials. | ID_a2eac2a6_e5f8_4c6a_91d4_a302d7051286 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Proceduralize the Data Classification Process | Maintain a procedure by which sensitive or personal data is classified, and labelled. | ID_a5f005fa_787c_4d9c_979a_fe7c1faaf489 | System.Compliance.ManualControlActivityProjection |
| Proceduralize Vendor Access Management | Maintain a procedure to allow asset administrators to grant access to vendors for a required specified duration to conduct legitimate work by creating or enabling vendor accounts that are associated with the individuals performing the work. | ID_a819bfec_7f1e_4097_8762_963765509287 | System.Compliance.ManualControlActivityProjection |
| Least Privilege | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure roles and rights management to reduce available actions to only those authorized by the organization. | ID_ab9587df_1abd_49c5_b808_9436ffb756fd | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Configure SNMP Parameters | This control activity guides the IT professional through a process to reconfigure default SNMP values to custom values. | ID_b0c61d31_19cd_41cd_8376_c032c2bd48a7 | System.Compliance.ManualControlActivityProjection |
| Proceduralize Access Lock Management | Maintain a procedure that allows asset administrators to remove access locks that are triggered by access attempt failures. | ID_b4c87e61_288b_497d_94f1_4ea0e9c04d38 | System.Compliance.ManualControlActivityProjection |
| Event Logging | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure the Event Log service to ensure that events relevant to compliance are recorded so that they may be used to investigate compliance violations. | ID_bac1bfd8_e703_4e47_8712_0a451a256e88 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Encryption Configuration | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure algorithms and their use within the operating system to protect data at rest and in transit. | ID_be2cdc0c_8076_4363_a1b8_f4181d9cb3ac | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Proceduralize the Data Retention Process | Maintain a procedure by which logs are retained for the period prescribed by your organization, default system documentation is removed, and demonstration applications are removed.
Log Retention Configuration
Default Documentation Removal
Demonstration Application Removal | ID_c5e879c9_262e_496e_8ff4_f17772b8b0bb | System.Compliance.ManualControlActivityProjection |
| Session Configuration | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure session parameters to ensure disconnection and resumption occur in a controlled manner to reduce the chances of a compromised session. | ID_c6572522_1826_4828_b648_df3c7f83316d | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Log Access Limitation | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure roles and rights management so that only authorized accounts may access operating system logs to prevent information disclosure or changing the log contents. | ID_cd57b844_2a23_4717_b0ad_3d35149231c8 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Protocol Configuration | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure the local operating system protocol settings to ensure only authorized protocols are used and that their attack profiles are minimized. | ID_cf7ec8cf_74d0_4391_9f51_e9ff51df9d94 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Configure Encryption | This control activity guides the IT professional through configuring the use of FIPS-compliant protocols and algorithms within the operating system. | ID_d72ca42f_37c6_4163_aa49_e41db42f9e9b | System.Compliance.ManualControlActivityProjection |
| Authentication Types | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure two-factor authentication to prevent unauthorized access if an account ID and password is compromised. | ID_d88c754c_8dd0_41e3_a00e_17722b7bcf75 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| System Integrity | Use the WS2008R2SP1 Domain Controller Security Compliance 1.0 baseline to configure settings that log conditions affecting the integrity of a system, such as whether it is infected, improperly configured, or unable to log events. | ID_dcc6215c_7629_4be8_bc49_44083cdbebc4 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Configure Local Time and Clock Parameters | This control activity guides the IT professional through the process of configuring a Windows Server 2008 server as an authoritative time server. | ID_e15cd04e_4245_4f93_9a76_e50ed2adbec8 | System.Compliance.ManualControlActivityProjection |
| Configure User Notification Parameters | This control activity guides the IT professional through the configuration of local operating system settings that control warning banners. | ID_e9f8337e_27b9_4224_be66_6c77a72229f4 | System.Compliance.ManualControlActivityProjection |
| Proceduralize Error and Fault Logging | Monitor for qualified errors and faults within deployed assets. | ID_ec7871cf_2af1_48d0_b7cd_fc741c485997 | System.Compliance.ManualControlActivityProjection |
| Configure Network Security Parameters | This control activity guides the IT professional through configuring anti-spoofing network settings within the operating system. | ID_ee01620d_dd71_4cdf_8bc5_72ff12264dfe | System.Compliance.ManualControlActivityProjection |
| Proceduralize the Authorization of Services | Maintain a procedure by which services are authorized for enablement. | ID_ee195bb4_aaf6_4e3a_9566_f33f93013f68 | System.Compliance.ManualControlActivityProjection |
| PII Classification | Use the WS2008R2SP1 File Server FCI 1.0 baseline to configure the file servers in scope to support the data classification of files containing personally identifiable information (PII) using the File Classification Infrastructure (FCI) feature in Windows Server 2008 R2. | ID_ee563983_a800_4c1b_a5d8_83172b5e6532 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Configure Data Backup Functionality | This control activity guides the IT professional through configuration of the local operating system data backup settings. | ID_f1fccb33_8b78_4f30_9e3c_09a9fe67f6c6 | System.Compliance.ManualControlActivityProjection |
| System Services | Use the WS2008R2SP1 DHCP Server Security Compliance 1.0 baseline to configure the DHCP role through system services to ensure that only authorized services are enabled. | ID_f2712152_91e7_47af_a75e_1bb57f49b9b9 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| System Integrity | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure settings that log conditions affecting the integrity of a system, such as whether it is infected, improperly configured, or unable to log events. | ID_f3d4cdca_6bbb_485d_af2b_bf412be213b9 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| System Services | Use the WS2008R2SP1 Print Server Security Compliance 1.0 baseline to configure the Print Server role through system services to ensure that only authorized services are enabled. | ID_f58c26bc_5ba8_4861_a670_319d0bb72b80 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Configure Authentication Types | This control activity guides the IT professional through configuration of two-factor authentication. | ID_f8260793_1879_4513_b429_1939e9e41d23 | System.Compliance.ManualControlActivityProjection |
| Logging Configuration | Use the WS2008R2SP1 Member Server Security Compliance 1.0 baseline to configure the Event Log service to ensure availability and transactional integrity to ensure that all transactions are able to log any errors. | ID_f90ec2e7_74c3_45a6_b08b_b486e09cee02 | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
| Discoverable File Classification | Use the WS2008R2SP1 File Server FCI 1.0 baseline to configure the file servers in scope to support the data classification of discoverable files using the File Classification Infrastructure (FCI) feature in Windows Server 2008 R2. | ID_ff7fefb4_4bba_443b_a66b_9b33109089ff | Microsoft.SystemCenter.ConfigurationManager.ControlActivityProjection |
Home