[BESAdmin-Announcements] BigFix Compliance: Updated DISA STIG Checklist for Windows Server 2019 with bug fixes, published 2025-09-11

[Announcements for BES Administrators]

*Product:*

BigFix Compliance

*Title:*
Updated DISA STIG Checklist for Windows Server 2019 with bug fixes

*Security Benchmark:*
Microsoft Windows Server 2019 STIG SCAP Benchmark, V3R4

*Published Sites:*
DISA STIG Checklist for Windows Server 2019, site version 21
(The site version is provided for air-gap customers.)


*Details:*

*Modified logics for these checks:*

●       Windows Server 2019 must be configured for certificate-based
authentication for domain controllers.

●       Windows Server 2019 Lock pages in memory user right must not be
assigned to any groups or accounts.

*Modified logics and removed remediation for these checks:*

●       Windows Server 2019 "Deny access to this computer from the network"
user right on domain-joined member servers must be configured to prevent
access from highly privileged domain accounts and local accounts and from
unauthenticated access

●       Windows Server 2019 "Deny log on through Remote Desktop Services"
user right on domain-joined member servers must be configured to prevent
access from highly privileged domain accounts and all local accounts and
from unauthenticated access

●       Windows Server 2019 "Deny log on locally" user right on
domain-joined member servers must be configured to prevent access from
highly privileged domain accounts and from unauthenticated access on all
systems.

●       Windows Server 2019 must preserve zone information when saving
attachments.





*Actions to take:*

●      To subscribe to the above site, you can use the License Overview
Dashboard to enable and gather the site. Note that you must be entitled to
the BigFix Compliance product, and you must be using BigFix version 10 and
later.

●       If you use custom sites, update your custom sites accordingly to
use the latest content. You can synchronize your content by using the
Synchronize Custom Checks wizard. For more information, see

https://help.hcltechsw.com/bigfix/11.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html

*More information:*
To know more about the BigFix Compliance SCM checklists, please see the
following resources:

●       BigFix Forum:
https://forum.bigfix.com/c/release-announcements/compliance
<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforum.bigfix.com%2Fc%2Frelease-announcements%2Fcompliance&data=05%7C01%7CBigFix-Scrum-Earth%40hcl.com%7C850b19aead5a47f24eb308da841ed642%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637967565224681222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=UYYRYb3SofshREYync5mCc2d5MUGb53t7OjOCBg%2BoJg%3D&reserved=0>

●       BigFix Compliance SCM Checklists:
https://bigfix-wiki.hcltechsw.com/wikis/home?lang=enus#!/wiki/BigFix%20Wiki/page/SCM%20Checklists
<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbigfix-wiki.hcltechsw.com%2Fwikis%2Fhome%3Flang%3Denus%23!%2Fwiki%2FBigFix%2520Wiki%2Fpage%2FSCM%2520Checklists&data=05%7C01%7CBigFix-Scrum-Earth%40hcl.com%7C850b19aead5a47f24eb308da841ed642%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637967565224681222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sJEji05sRie522iksNIya8RoKSDGBtgSCKlAzsF0N%2Fo%3D&reserved=0>

We hope you find this latest release of SCM content useful and effective.
Thank you!

*– The BigFix Compliance team*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20250912/b1e98b84/attachment.html>