accepted The Windows Server 2008 R2 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from DoD consensus, as well as the Windows Server 2008 R2 Security Guide and security templates published by Microsoft Corporation. Comments or proposed revisions to this document should be sent via e-mail to the following address: fso_spt@disa.mil. Developed_by_DISA_for_the_DoD DISA, Field Security Operations STIG.DOD.MIL Release: 1 Benchmark Date: 25 May 2011 1 1.001 Inadequate physical protection can undermine all other security precautions utilized to protect the system. This can jeopardize the confidentiality, availability, and integrity of the system. Physical security of the AIS is the first line protection of any system.falseSystem AdministratorPECF-1 Relocate equipment to a controlled access area. Interview the SA to determine if equipment is located in an access controlled area. Servers will be located in rooms, or locked cabinets, that are accessible only to authorized systems personnel. Authorized user access should be verified at two points (i.e. building access and server room). 1.008 Shared accounts do not provide individual accountability for system access and resource usage.falseSystem AdministratorIAGA-1 Remove any shared accounts that do not meet the exception requirements listed. Interview the SA to determine if any shared accounts exist. Any shared account must be documented with the IAO. Documentation should include the reason for the account, who has access to this account, and how the risk of using a shared account (which provides no individual identification and accountability) is mitigated. As an example, a shared account may be permitted for a help desk or a site security personnel machine, if that machine is stand-alone and has no access to the network. 2.005 Failure to install the most current Windows service pack leaves a system vulnerable to exploitation. Current service packs correct known security and system vulnerabilities. If a Windows OS is at an unsupported service pack this will be upgraded to a Category (CAT) I finding since new vulnerabilities may not be patched.trueUnsupported Service Packs will be upgraded to a CAT I finding.HKSystem AdministratorVIVM-1 Install the current approved service pack. From the menu bar, click “Start” and then “Run”. Type “winver.exe” in the dialog box and click OK. If the dialog box does not display “Microsoft Windows Server Version 6.1 (Build 7600)” or greater, then this is a finding. No Release Candidates or Beta versions will be used in a production environment. Application of new service packs should be thoroughly tested before deploying in a production environment. Documentable Explanation: Some managed systems such as DMS and GCSS receive service pack updates via system releases. In this case, the current approved application release should be installed.