CIS: Windows Server 2016

This topic provides information about the Center for Internet Security (CIS) template for Windows Server 2016, Version 2.0.0 published on April 14, 2023. This template contains implementation for 435 rules that can be installed on TrueSight Server Automation 20.x or later.

  • The existing customized template is renamed before you import the new one (by performing the steps given below).

Before you begin

Before you import this template, make sure that the following requirements are met:

  • Check the default values for the template's local and global properties and make sure that they meet the organization standards.
  • Rename any existing customized template before you import the latest template.
  • Perform the following tasks before you run the compliance checks or perform remediation: 
    • When you run compliance jobs on domain controller targets, set the DOMAIN property of the target server to DC. 
    • Leave the DOMAIN property blank for member servers (non-domain systems) and standalone systems.

Step 1: Download the files

  1. Access the following EPD link and click TSSA 23.2.00 CIS Updates for Windows Server 2016 to download the CIS - Windows Server 2016 package:
    You must log in or register to view this page
  2. Expand to view the checksum-related information

    Verify the downloaded content by using checksums:

    S.No

    File Name

    MD5SUM

    1

    CIS - Windows Server 2016.zip

    df87aae798da57aa874aac6199bb6b11

  3. Move the CIS - Windows Server 2016.zip file to the server where the TrueSight Server Automation console is installed.

Step 2: Import the compliance content

  1. Log in to the TrueSight Server Automation console.
  2. Right-click Component Templates and select Import.
    component_templates.png
  3. Select the Import (Version-neutral) option and click OK.
    version_neutral.png

  4. Select the CIS - Windows Server 2016 .zip package from the temporary location and click Next.
    The CIS template for CIS - Windows Server 2016 is available in the CIS - Windows Server 2016 .zip  package.

    zip file.png

  5. Select the Use existing objects and Preserve template group path options, and click Next.
    template_selection.png
  6. Navigate to the last screen of the wizard and then click Finish.
    finish.png
  7. After the template is imported successfully, Click OK.
    The imported template is displayed under CIS Compliance Content  >  CIS.
    successful.png 

Rules within the template

The 435 rules provided in the zip package contain the following types of rules:

  • Rules that check for compliance (audit) and provide remediation—412
  • Rules that check for compliance (audit) but do not provide remediation—21
  • Rules that do not check for compliance and do not provide remediation—2

The following are the details of the rules that are divided into parts:

  • Rules not divided into parts = 402
  • Rules divided into two parts (5 Rules) so (5* 2) = 10
  • Rules divided into four parts (2 Rules) so (2* 4) = 8
  • Rules divided into five parts (1 Rule) so (1* 5) = 5
  • Rules divided into ten parts (1 Rule) so (1* 10) = 10

The current rule count according to CIS Windows 2016  template after running the compliance job is 435 (402+10+8+5+10).

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*