DISA: Windows Server 2012 DC

This document provides information about the hotfix that contains Defense Information Systems Agency (DISA) template for Windows Server 2012 DC with implementation for 377 rules. The hotfix can be installed on TrueSight Server Automation 21.x and onwards.

Important

On the file server, check the value of the featureDisaWin12DCTemplate key in the content.version file, located in the %FILESERVER%\BladeLogic\storage\Content directory. Depending on the value, do one of the following:
- If the value is 22.2.00.000, you don’t need to perform the steps mentioned in this topic, as these templates are deployed as part of the 22.2 installation process.
- If the value is lower than 22.2.00.000, perform the steps mentioned in this topic to deploy these templates.
If existing template is customized, make sure to rename it before importing new one and performing below steps.
Ensure to review Template's local and global properties default values to match with organization standards

Before you begin

Before you install this hotfix, ensure that you perform the following:

Some policy settings require the installation of the SecGuide custom templates included with the STIG package. SecGuide.admx and SecGuide.adml (These files can be downloaded from Microsoft site)must be copied to the Target Machine at \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.
Some policy settings require the installation of the MSS-Legacy custom templates included with the STIG package. MSS-Legacy.admx and MSS-Legacy.adml (These files can be downloaded from Microsoft site)must be copied to Target Machine at \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.
Save a backup of the extended_objects folder, which is at the following location on the file server:
<File_Server_Root>/extended_objects/

Step 1: Downloading and installing the files

Download the DISA_Template_and_EO package from the EPD and extract its contents to a temporary location on the file server.

You must log in or register to view this page

Click here to expand checksum related information

Verify the downloaded content by using the following check sums.

S.No	File Name	MD5SUM
1	DISA - Windows Server 2012 DC.zip	832f33f2632c8ae5fe370e3c436e5b91
2	Extended_objects.zip	ca1fc98efb98e63b395f19c772e6946d

Step 2: Replacing the extended object scripts on the file server

Backup the extended_objects folder on the fileserver.
<File_Server_Root>/extended_objects/
Replace the extended object script files on your file server with the extracted Extended Object script files stored in the temporary location:
<temporary_location_on_file_server>/extended_objects/

Step 3: Importing the Compliance Content

Log in to the TrueSight Server Automation console.
Right click Component Templates and click Import.
Select Import (Version-neutral) and click OK.
Select the DISA - Windows Server 2012 DC zip package from the temporary location.

The DISA template for DISA Windows 2012 DC is available in the DISA - Windows Server 2012 DC.zip package.
To import the templates, select DISA - Windows Server 2012 DC.zip and click Next.
Note
Ensure that you select the Use existing objects and Preserve template group path options, before you click Next.
Navigate to the last screen of the wizard and click Finish.
Click OK. The templates are imported.

Rules within the template

The 377 rules provided in the zip package contains the following types of rules:

Rules that check for compliance (audit) and provides remediation - 176
Rules that check for compliance(audit) but do not provide remediation - 138
Rules that do not check for compliance and do not provide remediation - 63

The following are the details of the rules that are divided into parts:

Rules not divided into parts = 367
Rules divided into two parts (3 Rules) so (3 * 2) = 6
Rules divided into four parts (1 Rule ) so (1 * 4) = 4

The current rule count according to DISA Windows 2012 DC template after running the compliance job is 377.