DISA: Windows Server 2022


This topic provides information about the Defense Information Systems Agency (DISA) STIG template for Windows Server 2022, Version 1 release 3 published on June 7, 2023. This template contains implementation for 274 rules that can be installed on TrueSight Server Automation 20.x or later.

  • The existing customized template is renamed before you import the new one (by performing the steps given below).

Before you begin

Before you import this template, make sure that the following requirements are met:

  • Check the default values for the template's local and global properties and make sure that they meet the organization standards.
  • Rename any existing customized template before you import the latest template.
  • Back up the extended_objects folder located in the <APPRSERVER_INSTALL_DIR>/share/sensors directory on all the Application Servers in a multiple Application Server environment. This folder contains the extended object scripts.
  • Perform the following tasks before you run the compliance checks or perform remediation: 
    • When you run compliance jobs on domain controller targets, set the DOMAIN property of the target server to DC. 
    • Leave the DOMAIN property blank for member servers (non-domain systems) and standalone systems.
  • Copy the SecGuide custom templates (SecGuide.admx and SecGuide.adml) to all the target servers, under the \Windows\PolicyDefinitions and the \Windows\PolicyDefinitions\en-US directories, respectively.

    Important

    Some policy settings require the installation of the SecGuide custom templates included with the STIG package. These files can be downloaded from the Microsoft site. For more information, see How to create and manage the Central Store for Group Policy Administrative Templates in Windows on the Microsoft Learn website.

  • Copy the MSS-Legacy custom templates (MSS-Legacy.admx and MSS-Legacy.adml) to all the target servers, under the \Windows\PolicyDefinitions and the \Windows\PolicyDefinitions\en-US directories, respectively.

    Important

    Some policy settings require the installation of the MSS-Legacy custom templates included with the STIG package. These files can be downloaded from the Microsoft site. For more information, see How to create and manage the Central Store for Group Policy Administrative Templates in Windows on the Microsoft Learn website.

Step 1: Download the files

  1. Access the EPD link (login or registration is required) and click TSSA 23.2.00 DISA STIG Updates for Windows 2022 to download the DISA - Windows Server 2022 package.
  2. Verify the downloaded content by using checksums:

    | S.No | File Name                      | MD5SUM                           |
    |------|--------------------------------|----------------------------------|
    | 1    | DISA - Windows Server 2022.zip | a76fa54f562bab505288b6dc6694bab9 |
    | 2    | ExtendedObjects.zip            | 45d12dab1ae76dac7adabb21bf514b57 |

  3. Extract the contents of the ExtendedObjects.zip file to a temporary directory and copy the extracted files to the existing <APPRSERVER_INSTALL_DIR>/share/sensors directory on all the Application Servers.
  4. Move the DISA_Windows_2022_V1R3_STIG.zip file to the server where the TrueSight Server Automation console is installed.
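
An added example, not part of the original page or of the product's own tooling: a Python script that checks the two downloads against the MD5 values in the table above and unpacks ExtendedObjects.zip into a temporary directory only when both match. The function names and the download-directory argument are assumptions made for this illustration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

# MD5 values copied from the checksum table on this page.
PUBLISHED_MD5 = {
    "DISA - Windows Server 2022.zip": "a76fa54f562bab505288b6dc6694bab9",
    "ExtendedObjects.zip": "45d12dab1ae76dac7adabb21bf514b57",
}

def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large package is never held in memory."""
    # usedforsecurity=False (Python 3.9+) keeps MD5 usable on FIPS-mode hosts.
    digest = hashlib.md5(usedforsecurity=False)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_downloads(download_dir, expected=PUBLISHED_MD5):
    """Return {file name: "OK" | "MISSING" | "MISMATCH"} for every expected file."""
    results = {}
    for name, published in expected.items():
        path = Path(download_dir) / name
        if not path.is_file():
            results[name] = "MISSING"
        elif md5_of(path) == published.strip().lower():
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results

def extract_extended_objects(download_dir, expected=PUBLISHED_MD5):
    """Unpack ExtendedObjects.zip to a temporary directory only if every file verified."""
    results = verify_downloads(download_dir, expected)
    bad = {n: s for n, s in results.items() if s != "OK"}
    if bad:
        raise ValueError(f"checksum verification failed: {bad}")
    staging = tempfile.mkdtemp(prefix="extended_objects_")
    with zipfile.ZipFile(Path(download_dir) / "ExtendedObjects.zip") as archive:
        archive.extractall(staging)
    return Path(staging)

if __name__ == "__main__":
    import sys
    # Assumed usage: pass the download directory as the first argument.
    print(extract_extended_objects(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A matching MD5 confirms that the files arrived intact; MD5 is not collision-resistant, so a match is not evidence of origin on its own.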

Step 2: Import the compliance content

  1. Log in to the TrueSight Server Automation console.
  2. Right-click Component Templates and select Import.
  3. Select the Import (Version-neutral) option and click OK.
  4. Select the DISA - Windows Server 2022.zip package from the temporary location and click Next.
    The DISA template for DISA - Windows Server 2022 is available in the DISA - Windows Server 2022.zip package.
  5. Select the Update objects according to the imported package and Preserve template group path options, and click Next.
  6. Navigate to the last screen of the wizard and then click Finish.
  7. After the template is imported successfully, click OK.
    The imported template is displayed under DISA Compliance Content > DISA STIG Revised.

Rules within the template

The 274 rules provided in the zip package contain the following types of rules:

  • Rules that check for compliance (audit) and provide remediation—192
  • Rules that check for compliance (audit) but do not provide remediation—36
  • Rules that do not check for compliance and do not provide remediation—46

The following are the details of the rules that are divided into parts:

  • Rules not divided into parts = 272
  • Rules divided into two parts = 1 rule, counted as 1 × 2 = 2

The current rule count according to the DISA Windows 2022 template after running the compliance job is 274 (272+2).

 
