Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

Microsoft has published its security guidance and baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11. If you have been reluctant to evaluate or deploy these technologies in the absence of specific USGCB guidance, NIST essentially says, "Use the vendor's guidance." Here is the vendor's guidance. Please see these three new blog posts:

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL – This post includes a zipped download containing documentation, GPO backups, scripts for installing GPOs locally, custom ADMX/ADML for new settings, and WMI filters for use with AD group policy. Note that corresponding CAB files for the Security Compliance Manager (SCM) will be published before the end of the month.

Configuring Account Lockout – the baseline settings for account lockout changed since the beta (and since previous baselines). This post explains why and the tradeoffs organizations need to consider to determine the right account lockout policy for them.

 

Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta – This post describes the rest of the changes that were made between the beta and the final.

Comments

• Anonymous
  October 17, 2016
  Aaron,I understand this is an old post, but do you happen to have an example of NIST saying this? My organization keeps clinging to the term USGCB, but I'm fairly certain it hasn't been updated in over 6 years.[Aaron Margosis] NIST's guidance on this has "evolved," but see Rev 3 of 800-70 - in particular page 2 in the Executive Summary. Link here.