[BESAdmin-Announcements] BigFix Compliance Updated DISA STIG Checklist for Windows 2022 with bug fixes, published 2025-10-24

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Fri Oct 24 09:08:33 PDT 2025 

*Product: *BigFix Compliance

*Title:*
Updated DISA STIG Checklist for Windows 2022
<https://forum.bigfix.com/t/bigfix-compliance-updated-cis-checklist-for-windows-server-2019-published-2025-09-10/52686>
with bug fixes.

*Security Benchmark:*

DISA STIG Checklist for Windows 2022
<https://forum.bigfix.com/t/bigfix-compliance-updated-cis-checklist-for-windows-server-2019-published-2025-09-10/52686>
Benchmark, V2R5

*Published Sites:*
DISA STIG Checklist for Windows 2022
<https://forum.bigfix.com/t/bigfix-compliance-updated-cis-checklist-for-windows-server-2019-published-2025-09-10/52686>,
site version 16.
(The site version is provided for air-gap customers.)

*Details: *

Total New Fixlets: 0

Total Updated Fixlets: 5

Total Deleted Fixlets: 0

Total Fixlets in Site: 220

*UPDATED:*

o   Windows Server 2022 Deny access to this computer from the network user
right on domain-joined member servers must be configured to prevent access
from highly privileged domain accounts and local accounts and from
unauthenticated access on all systems.

o   Windows Server 2022 Deny log on through Remote Desktop Services user
right on domain-joined member servers must be configured to prevent access
from highly privileged domain accounts and all local accounts and from
unauthenticated access on all systems.

o   Windows Server 2022 Deny log on locally user right on domain-joined
member servers must be configured to prevent access from highly privileged
domain accounts and from unauthenticated access on all systems.

o   Windows Server 2022 Deny log on as a batch job user right on
domain-joined member servers must be configured to prevent access from
highly privileged domain accounts and from unauthenticated access on all
systems.

o   Windows Server 2022 Deny log on as a service user right on
domain-joined member servers must be configured to prevent access from
highly privileged domain accounts. No other groups or accounts must be
assigned this right.

·       Both analysis and remediation checks are included

·       Some of the checks allow you to use the parameterized setting to
enable customization for compliance evaluation. Note that parameterization
and remediation actions require the creation of a custom site.

*Actions to take:*

·       To subscribe to the above site, you can use the License Overview
Dashboard to enable and gather the site. Note that you must be entitled to
the BigFix Compliance product, and you must be using BigFix version 10 and
later.

·       If you use custom sites, update your custom sites accordingly to
use the latest content. You can synchronize your content by using the
Synchronize Custom Checks wizard. For more information, see
https://help.hcl-software.com/bigfix/11.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html


*More information: *To know more information about the BigFix Compliance
SCM checklists, please see the following resources:

·       BigFix Forum:
https://forum.bigfix.com/c/release-announcements/compliance
<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforum.bigfix.com%2Fc%2Frelease-announcements%2Fcompliance&data=05%7C01%7CBigFix-Scrum-Earth%40hcl.com%7C850b19aead5a47f24eb308da841ed642%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637967565224681222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=UYYRYb3SofshREYync5mCc2d5MUGb53t7OjOCBg%2BoJg%3D&reserved=0>

·       BigFix Compliance SCM Checklists:
https://bigfix-wiki.hcltechsw.com/wikis/home?lang=enus#!/wiki/BigFix%20Wiki/page/SCM%20Checklists
<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbigfix-wiki.hcltechsw.com%2Fwikis%2Fhome%3Flang%3Denus%23!%2Fwiki%2FBigFix%2520Wiki%2Fpage%2FSCM%2520Checklists&data=05%7C01%7CBigFix-Scrum-Earth%40hcl.com%7C850b19aead5a47f24eb308da841ed642%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637967565224681222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sJEji05sRie522iksNIya8RoKSDGBtgSCKlAzsF0N%2Fo%3D&reserved=0>

We hope you find this latest release of SCM content useful and effective.
Thank you!

*– The BigFix Compliance team*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20251024/f7178643/attachment.html>

More information about the Besadmin-announcements mailing list