Appendix B: Example Windows Compliance File

Note: The following file is available from the Tenable Support Portal. The actual file may have updates that are not reflected here. The script is named financial_microsoft_windows_user_audit_guideline_v2.audit and is based on common hardening guides for user administration. The policy checks for a reasonable password policy and account lockout policy, and ensures that login events are logged to the Windows event log.

# (C) 2008 Tenable Network Security
#
# This script is released under the Tenable Subscription License and
# may not be used from within scripts released under another license
# without authorization from Tenable Network Security Inc.
#
# See the following licenses for details:
#
# http://cgi.tenablesecurity.com/Nessus_3_SLA_and_Subscription_Agreement.pdf
# http://cgi.tenablesecurity.com/Subscription_Agreement.pdf
#
# @PROFESSIONALFEED@
#
# $Revision: 1.2 $
# $Date: 2008/10/07 15:48:17 $
#
# Synopsis: This file will be read by compliance_check.nbin
# to check compliance of a Windows host to
# typical financial institution audit policy
#

 

<check_type:"Windows" version:"2">
<group_policy:"User audit guideline">

  <item>
    name: "Enforce password history"
    value: 24
  </item>

  <item>
    name: "Maximum password age"
    value: 90
  </item>

  <item>
    name: "Minimum password age"
    value: 1
  </item>

  <item>
    name: "Minimum password length"
    value: [12..14]
  </item>

  <item>
    name: "Account lockout duration"
    value: [15..30]
  </item>

  <item>
    name: "Account lockout threshold"
    value: [3..5]
  </item>

  <item>
    name: "Reset lockout account counter after"
    value: [15..30]
  </item>

  <item>
    name: "Audit account logon events"
    value: "Success, Failure"
  </item>

  <item>
    name: "Audit logon events"
    value: "Success, Failure"
  </item>

</group_policy>
</check_type>
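The file above uses three value forms: an exact number, a [min..max] range and a quoted string. The following Python sketch parses those forms and compares them with a host's settings; it is an added example, not Tenable code, and does not reproduce how compliance_check.nbin evaluates a host. It assumes range bounds are inclusive and strings must match exactly; the names parse_items, evaluate and OBSERVED are hypothetical, and the observed values are constructed.

```python
import re

# Three items taken from the audit file above, one per value form.
AUDIT_TEXT = '''
<check_type:"Windows" version:"2">
<group_policy:"User audit guideline">
<item>
name: "Minimum password length"
value: [12..14]
</item>
<item>
name: "Maximum password age"
value: 90
</item>
<item>
name: "Audit logon events"
value: "Success, Failure"
</item>
</group_policy>
</check_type>
'''
# Constructed host values: length too short, logon auditing not reported.
OBSERVED = {"Minimum password length": 8, "Maximum password age": 90}

ITEM_RE = re.compile(r'<item>\s*name:\s*"([^"]+)"\s*value:\s*(.+?)\s*</item>', re.S)
RANGE_RE = re.compile(r'\[(\d+)\.\.(\d+)\]')

def parse_value(raw):
    """Turn a value field into (lo, hi) for a range, int for a number, else str."""
    m = RANGE_RE.fullmatch(raw)
    if m:
        return (int(m.group(1)), int(m.group(2)))
    return int(raw) if raw.isdigit() else raw.strip('"')

def parse_items(text):
    """Return {setting name: expected value} for every <item> block."""
    return {name: parse_value(raw) for name, raw in ITEM_RE.findall(text)}

def evaluate(expected, observed):
    """Compare observed settings to the policy; a missing setting fails."""
    results = {}
    for name, want in expected.items():
        have = observed.get(name)
        if isinstance(want, tuple):  # assumed inclusive bounds
            ok = isinstance(have, int) and want[0] <= have <= want[1]
        else:
            ok = have == want
        results[name] = "PASSED" if ok else "FAILED"
    return results
```

Calling evaluate(parse_items(AUDIT_TEXT), OBSERVED) marks the password length and the unreported logon auditing as FAILED and the maximum password age as PASSED.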

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.