[BESAdmin-Announcements] BigFix Compliance: Updated DISA STIG Checklist for Windows 2022 with bug fixes, published 2025-09-15

[Announcements for BES Administrators]

*Product:*
BigFix Compliance

*Title:*
Updated DISA STIG Checklist for Windows 2022 with bug fixes

*Security Benchmark:*
Microsoft Windows Server 2022 STIG SCAP Benchmark, V2R4

*Published Sites:*
DISA STIG Checklist for Windows 2022, site version 14
(The site version is provided for air-gap customers.)

*Details:*

*Modified logics for these checks:*

●       Windows Server 2022 must be configured for certificate-based
authentication for domain controllers.

●       Windows Server 2022 lock pages in memory user right must not be
assigned to any groups or accounts.

*Modified logics and removed remediation for these checks:*

●       Windows Server 2022 Deny access to this computer from the network
user right on domain-joined member servers must be configured to prevent
access from highly privileged domain accounts and local accounts and from
unauthenticated access

●       Windows Server 2022 Deny log on through Remote Desktop Services
user right on domain-joined member servers must be configured to prevent
access from highly privileged domain accounts and all local accounts and
from unauthenticated access

●       Windows Server 2022 Deny log on locally user right on domain-joined
member servers must be configured to prevent access from highly privileged
domain accounts and from unauthenticated access on all systems.
●       Windows Server 2022 must preserve zone information when saving
attachments.

*Actions to take:*

●      To subscribe to the above site, you can use the License Overview
Dashboard to enable and gather the site. Note that you must be entitled to
the BigFix Compliance product, and you must be using BigFix version 10 and
later.

●       If you use custom sites, update your custom sites accordingly to
use the latest content. You can synchronize your content by using the
Synchronize Custom Checks wizard. For more information, see

https://help.hcltechsw.com/bigfix/11.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html

*More information:*
To know more about the BigFix Compliance SCM checklists, please see the
following resources:

●       BigFix Forum:
https://forum.bigfix.com/c/release-announcements/compliance
<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforum.bigfix.com%2Fc%2Frelease-announcements%2Fcompliance&data=05%7C01%7CBigFix-Scrum-Earth%40hcl.com%7C850b19aead5a47f24eb308da841ed642%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637967565224681222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=UYYRYb3SofshREYync5mCc2d5MUGb53t7OjOCBg%2BoJg%3D&reserved=0>

●       BigFix Compliance SCM Checklists:
https://bigfix-wiki.hcltechsw.com/wikis/home?lang=enus#!/wiki/BigFix%20Wiki/page/SCM%20Checklists
<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbigfix-wiki.hcltechsw.com%2Fwikis%2Fhome%3Flang%3Denus%23!%2Fwiki%2FBigFix%2520Wiki%2Fpage%2FSCM%2520Checklists&data=05%7C01%7CBigFix-Scrum-Earth%40hcl.com%7C850b19aead5a47f24eb308da841ed642%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637967565224681222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sJEji05sRie522iksNIya8RoKSDGBtgSCKlAzsF0N%2Fo%3D&reserved=0>

We hope you find this latest release of SCM content useful and effective.
Thank you!

*– The BigFix Compliance team*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20250916/e70c4b0c/attachment.html>