CIS: Windows Server 2019
This topic provides information about the hotfix containing Center for Internet Security (CIS) templates for Windows Server 2019 with implementation for 448 rules that can be installed on TrueSight Server Automation 20.x or later. This template is created based on the recommended settings defined by Microsoft Windows Server 2019 Security Configuration Benchmark Version 4.0.0, published on July 23rd, 2025.
Before you begin
- Before you install this hotfix, ensure that all compliance content provided by BMC in your environment is at least updated to 20.02.x or later version.
- If the existing template is customized, make sure to rename it before importing new one and performing the following steps.
- Make sure you have reviewed the default values for the Template's local and global properties to match the organization standards.
- Set the target server's DOMAIN property to DC when you run compliance jobs on domain controller targets.
- Leave the DOMAIN property blank for member servers and standalone systems.
Step 1: Downloading and installing the files
- To download the CIS - Windows Server 2019 package, perform the following steps:
- Log in to BMC EPD Website.
- Go to Additional Products tab, and then under View By Category, select Server Automation.
- Go to:
- True Sight Server Automation > True Sight Server Automation 25.2.0.0 or
- True Sight Server Automation Compliance Module > True Sight Server Automation Compliance Module 25.2.0.0
- Download the TSSA 25.2.00 CIS Updates for Windows 2019, which includes the following:
- CIS - Windows Server 2019.zip
- CIS_Microsoft_Windows_Server_2019_Benchmark_v4.0.0.pdf
- RELEASE_NOTES_FOR_HOTFIX_OF_CIS_WINDOWS_2019.docx
- Verify the downloaded content by using the following checksums.
S.No
File Name
MD5SUM
1
CIS - Windows Server 2019.zip
6c247b4c31b001a4ceb145f868addfc7
- Move the CIS - Windows Server 2019 package to your RCP client server.
Step 2: Importing the compliance content
- Log on to the console.
- Right-click Component Templates and select Import.
- Select the Import (Version-neutral) option and click OK.
- Select the updated CIS - Windows Server 2019.zip package from the temporary location.
The CIS template for CIS - Windows Server 2019 is available in the CIS - Windows Server 2025.zip package. To import the templates, select the CIS - Windows Server 2019.zip and click Next.
- Make sure you select the Use existing objects and Preserve template group path options and click Next.
- Go to the last screen of the wizard and click Finish.
- Click Ok.
The templates are imported successfully and are shown under CIS Compliance Content > CIS.
Rules within the templates
The following are the details of the 448 rules provided in the zip package. It contains the following types of rules:
- Rules that check for compliance(audit) and provides remediation = 425
- Rules that check for compliance(audit) but do not provide remediation = 23
- Rules that do not check for compliance and do not provide remediation = 0
The following are the details of the rules that are divided into parts:
- Rules not divided into parts = 423
- Rules divided into two parts (6 Rules) so (6* 2) = 12
- Rules divided into four parts (2 Rule) so (2 * 4) = 8
- Rules divided into five parts (1 Rule) so (1 * 5) = 5
So, the current rule count according to CIS Windows 2019 template after running the compliance job is 448 (423+ 12+8+5).