PowerStig

• Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 and 2012 R2 DC STIG - Ver 3, Rel 1: #784
• Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 and 2012 R2 MS STIG - Ver 3, Rel 1: #785
• Update PowerSTIG to successfully parse/apply Microsoft Windows 10 STIG - Ver 2, Rel 1: #783
• Update PowerSTIG to successfully parse/apply Microsoft Windows Defender Antivirus STIG - Ver 2, Rel 1: #786
• Update PowerSTIG to successfully parse/apply Microsoft Windows Server 2016 STIG - Ver 2, Rel 1: #782
• Update PowerSTIG to successfully parse/apply Microsoft Windows Server 2019 STIG - Ver 2, Rel 1 #787
• Update PowerSTIG to successfully parse/apply Google Chrome V2R1: #709
• Update PowerSTIG to include LegacyId to assist in determining Legacy Vuln Ids with the new DISA standard: #788
• Update PowerSTIG to include LegacyId query via Get-StigRule function: #800
• Fixed: Update PowerSTIG to fix LegacyId logic: #791
• Fixed: Update PowerSTIG to correctly parse Windows Server 2019 DC - LDAP SecurityOptionRule: #804

• Provide Method to install DoD Root Certs for Server OS and Client OS: #755
• Update Windows 10 Client STIGs based on ACAS results: #778
• Update PowerSTIG to Provide Rule Data from Processed xml: #747
• Update PowerSTIG to send a warning to the user when using a composite that leverages the new DISA Ids: #772
• Update PowerSTIG to successfully parse/apply Microsoft Office System 2013 STIG - Ver 2, Rel 1: #769
• Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 Server DNS STIG - Ver 2, Rel 1: #760
• Update PowerSTIG to successfully parse/apply Microsoft SQL Server 2016 Instance Version 2; Release 1: #761
• Update PowerSTIG to successfully parse/apply Microsoft Outlook 2016 Version 2; Release 1: #767
• Update spacing in DoD logon script: #757
• Update PowerSTIG to Increase Code Coverage of Unit Tests: #737
• Update PowerSTIG with new SkipRuleSeverity Parameter to skip entire STIG Category/Severity Level(s): #711
• Update PowerSTIG to successfully parse/apply Microsoft IIS 10 SITE/SERVER STIG - Ver 2, Rel 1: #759
• Update PowerSTIG to successfully parse/apply IIS 8.5 Site/Server V2R1 STIGs: #762

• Fixed #746: Functions.Checklist Manual Checks need to leverage psd1 files - Backward Compat Issue

• Update PowerSTIG to successfully parse/apply Windows 2012 R2 DC Version 2, Rev 21: #677
• Update PowerSTIG to successfully parse/apply IIS Site/Server V1R11 STIGs: #702
• Update PowerSTIG to successfully parse/apply Microsoft Internet Explorer 11 STIG - Ver 1, Rel 19: #707
• Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 Server DNS - V1R15: #696
• Update PowerSTIG to successfully parse/apply SQL Server 2016 Instance V1R10: #704
• Update PowerSTIG to successfully parse/apply IIS 10.0 Site/Server V1R2 STIGs: #699
• Update PowerSTIG to successfully parse Microsoft Windows 10 STIG - Ver 1, Rel 23: #678
• Update PowerSTIG to successfully parse/apply Windows Server 2019 Instance Ver. 1 Rel. 5: #683
• Update PowerSTIG to successfully parse/apply Windows 2016 DC/MS Version 1, Rev 12: #681
• Update PowerSTIG to successfully parse/apply Windows 2012 R2 MS Version 2, Rev 19: #676
• Update PowerSTIG To Use WindowsDefenderDsc version 2.0.0 : #657
• Update PowerSTIG To Use PSDSCResources version 2.12.0.0: #723
• Update PowerSTIG To Use AuditPolicyDsc version 1.4.0.0 : #715
• Update PowerSTIG To Use xWebAdministration version 3.2.0 : #713
• Update PowerSTIG To Use xDnsServer version 1.16.0.0: #695
• Update PowerSTIG To Use SecurityPolicyDsc version 2.10.0.0: #690
• Update PowerSTIG To Use FileContentDsc version 1.3.0.151: #722
• Update PowerSTIG To Use ComputerManagementDsc version 8.4.0: #720
• Update PowerSTIG to support multiple STIGs per checklist #567
• Release Process Update: Ensure the nuget package uses explicit DSC Resource Module Versions: #667
• Fixed #668: Incorrect key for SSL 3.0 rules in SqlServer-2016-Instance.*.xml
• Fixed #669: Missing TLS 1.2 configuration for rule V-97521
• Fixed #663: Missing OrgSettings for V-88203 - Win10 Client 1.19 and 1.21
• Fixed #673: IIS Sever 10.0 STIG hardening rule V-100163 fails with error in Windows Server 2019 while using PowerSTIG 4.4.2
• Fixed: Removed Windows Server 2016 DC/MS R1V9 from processed STIGs folder
• Fixed #718: Allow application of applicable user rights assignments for non-domain and disconnected systems
• Fixed #731: Update Windows 10 Client Org Default Setting For Rule V-63405 to "15"
• Fixed #735: Rule V-63353 won't reach desired state if system partition is Fat32

• Removed required dependency of Vmware.VsphereDSC due to cyclic redundancy error when importing PowerSTIG
• Update PowerSTIG to successfully parse/apply MS SQL Server 2012 Instance Ver. 1 Rel. 20: #639
• Update PowerSTIG to successfully parse/apply MS SQL Server 2016 Instance Ver. 1 Rel. 9: #636
• Update PowerSTIG to successfully parse/apply Windows Server 2012 DNS STIG - Ver 1, Rel 14: #633
• Update PowerSTIG to successfully parse Microsoft IIS Server/Site 10.0 STIG STIG V1R1: #632
• Update PowerSTIG to successfully parse Microsoft Visio 2013 STIG V1R4: #629
• Update PowerSTIG to successfully parse/apply Windows Defender Antivirus STIG - V1R8: #625
• Update PowerSTIG to successfully parse Microsoft SQL Server 2012 Database STIG V1R20: #618
• Update PowerSTIG to successfully parse/apply Microsoft IIS Server/Site 8.5 STIG - Ver 1, Rel10: #622
• Update PowerSTIG to use Azure Pipelines and DSC Community based build logic: #600
• Update PowerSTIG to parse/convert the Vmware Vsphere 6.5 STIG V1R3: #604
• Update PowerSTIG to parse/convert the Vmware Vsphere 6.5 STIG V1R4: #634
• Fixed #647: Conflict when configuring multiple databases
• Fixed #616: Unable to Import PowerSTIG 4.4.0 Due to cyclic dependency Error
• Fixed #632: Update PowerSTIG to allow for workgroup level scansr
• Fixed #652: Invalid ValueName for InternetExplorer11 rules V-75169 and V-75171

• Update PowerSTIG to Expand .NET STIG Automation: #591
• Update PowerSTIG to parse and apply McAfee VirusScan 8.8 Local Client STIG V5R16: #588
• Update PowerSTIG to successfully parse Microsoft SQL Server 2016 Instance STIG - Ver 1, Rel 8: #586
• Update PowerSTIG to parse and apply Windows Server 2019 V1R3 STIG: #584
• Update PowerSTIG to parse/convert the Windows Server 2016 V2R10: #582
• Update PowerSTIG to parse/convert the Windows Server 2012 DNS STIG V1R13: #580
• Update PowerSTIG to to parse/convert the Windows Server 2012 R2 DC V2R19: #578
• Update PowerSTIG to parse/convert the Windows Defender STIG V1R7: #576
• Update PowerSTIG to successfully parse Mozilla Firefox STIG - Ver 4, Rel 28: #573
• Update PowerSTIG to parse and apply Adobe Acrobat Reader Version 1, Release 6: #562
• Update PowerSTIG release process to include STIG Coverage markdown wiki automation: #560
• Update to PowerSTIG to show duplicate rule status matching in a checklist: #257
• Fixed #589: Update module manifest to leverage GPRegistryPolicyDsc v1.2.0
• Fixed #569: Update SqlServerDsc module version references
• Fixed #259: Checklist .ckl file fails XML validation in Stig Viewer 2.8.
• Fixed #527: Checklist is not using manualcheckfile when using DscResult.
• Fixed #548: Target/host data is blank when creating a new checklist.
• Fixed #546: Typecast causing an issue when trying to generate checklist using New-StigChecklist function.
• Fixed #401: Checklists generated by New-StigChecklist do not provide finding details.
• Fixed #593: Update PowerSTIG Convert naming conventions of output STIGs

• Update PowerSTIG parsing for IIS 8.5 STIG - Ver 1, Rel 9: #530
• Update PowerSTIG to successfully parse Microsoft .Net Framework STIG 4.0 STIG - Ver 1, Rel 9: 535
• Update PowerSTIG to successfully parse MS Internet Explorer 11 STIG - Ver 1, Rel 18: #538
• Update PowerSTIG to successfully parse Mozilla Firefox STIG - Ver 4, Rel 27: #540
• Update PowerSTIG to successfully parse Microsoft Windows 10 STIG - Ver 1, Rel 19: 533
• Update PowerSTIG to parse/convert the Windows Server 2012 R2 MS/DC V2R17/V2R18 Respectively: 531
• Update PowerSTIG to successfully parse Microsoft SQL Server 2016 Instance STIG - Ver 1, Rel 7: #542
• Update PowerSTIG to parse and apply OfficeSystem 2013 STIG V1R9 / 2016 V1R1: #551
• Update PowerSTIG to parse and apply Windows Server 2019 V1R2 STIG: #554
• Fixed #428: Updated JRE rule V-66941.a to be a Organizational setting
• Fixed #427: Windows 10 Rule V-63373 fails to apply settings to system drive
• Fixed #514: Feature request: additional support for servicerule properties
• Fixed #521: Organizational setting warning should include Stig name
• Fixed #443: Missing cmdlet Get-StigXccdfBenchmark function
• Fixed #528: New-StigChecklist should not require a ManualCheckFile
• Fixed #545: Need a test to verify the conversionstatus="fail" does not exist in processed STIGs
• Fixed #517: Need a test to verify the module version in the module manifest matches the DscResources.

• Fixed #517: 4.1.0 GPRegistryPolicyDsc Module Version Issue
• Update PowerSTIG to enable Exception Parameter Backward Compatibility Feature Request: 506
• Update Enable Stig Checklist automation to include Status and Comments for manual checks: #485

Update PowerSTIG parsing for Windows Sever 2016 STIG - Ver 1, Rel 9 [#498] (https://github.com/microsoft/PowerStig/issues/498)
Fixed #507: Get-HardCodedRuleLogFileEntry Errors on RegistryRule
Update PowerSTIG to leverage the GPRegistryPolicyDsc resource for Local Group Policy automation: #497
Update PowerSTIG to enable the logfile framework to consume a hashtable for HardCodedRule: #494
Update PowerSTIG to pass OrgSettings in via configuration hashtable: #372
Update support for SQL Server 2012 Database STIG, Version 1, Release 19 #482
Fixed #478: SQL STIG Instance V-40936 Fails to apply
Update PowerSTIG to automate applying the IIS 8.5 STIG, Version 1 Release 8. #469
Fixed #476: AuditSetting Rule for Windows STIGs has an incorrect operator when evaluating Service Pack information
Added support for Dot Net Framework 4.0 STIG, Version 1, Release 8 #447
Added support for Windows 10 STIG, Version 1, Release 17 & 18: #466
Added support for Windows 2012 Server DNS STIG, Version 1, Release 12 #464
Update PowerSTIG to automate applying the Windows Server 2012R2 DC & MS STIG, Version 2, Release 17 & 16 respectively. #456
Fixed #444: Duplicate principals in Permission Rule (Registry)
Updated logfile in 2012R2 DC STIG leveraging HardCodedRule to automate additional STIG rules. #446
Updated logfile in 2012R2 MS STIG leveraging HardCodedRule to automate additional STIG rules. #448
Declarative definition of a rule in the StigData log file to provide a standard way to populate unautomated rules #435
Updated PowerSTIG to leverage AuditSetting instead of the Script resource. Additionally renamed WmiRule to AuditSettingRule #431
Fixed #419: PowerStig is creating resource xSSLSettings with the wrong value for Name.
Added support for Windows Defender, Version 1, Release 5 #393
Added support for Internet Explorer 11 Version 1, Release 17 #422
Added support for Server 2016 STIG, Version 1, Release 8 #418
Update PowerSTIG to enforce additional rules in the SQL Server 2012 STIG #438
Added support for Windows Defender Antivirus STIG, Version 1, Release 6 #462
Added support for Firefox STIG v4r26 #458
Updated logfile in DotNet Framework STIG leveraging HardCodedRule to automate additional STIG rules. #454
Fixed #493: IIS 8/5 Server STIG rule V-76745 is referencing the incorrect IIS default path
Fixed #505: Missing reg key setting on V-76759 IIS Server 8.5 v1R7

• Added support for Windows 10, Version 1, Release 17 #442
• Updated PowerSTIG to leverage AuditSetting instead of the Script resource. Additionally renamed WmiRule to AuditSettingRule #431
• Fixed #419: PowerStig is creating resource xSSLSettings with the wrong value for Name.
• Added support for Windows Defender, Version 1, Release 5 #393
• Added support for Internet Explorer 11 Version 1, Release 17 #422
• Added support for Server 2016 STIG, Version 1, Release 8 #418

• Added support for IIS 8.5 Server STIG, Version 1, Release 7 #399
• Fixed #373: Registry resource does not handle null values for ValueData contained in Processed STIGs
• Fixed #376: SQL STIG Rules V-41021 (Instance STIG) and V-41402 (Database STIG) fail to apply when applying to a SQL instance that is NOT name the default (MSSQLSERVER).
• Fixed #377: SQL Instance Rule V-40936 fails when Set-TargertResource is ran
• Fixed #280: HKEY_CURRENT_USER is not needed with the cAdministrativeTemplateSetting composite resource. (Regression Issue)
• Fixed #385: IIS Server STIG V-76681 does not parse correctly
• Added support for Office 2016 STIGs #370
• Added support to Automate Application Pool Recycling for IisSite_8.5 #378
• Added support for Windows Server 2012R2 DC V2R16 #398
• Added support for update Windows Server 2012 MS STIG v2r15 #395
• Added support for Firefox STIG v4r25 #389
• Added entry in log file for IISSite 1.7 so rule v-76819 parses as an xWebConfigurationProperty #407
• Added IISSite v1.7 #400
• Fixed #403: DotNet STIG V1R7 update

UPDATES

• Removed duplicate code from rule class constructors
• Migrated from Get-WmiObject to Get-CimInstance to support PowerShell Core
• Migrated to PSDscResources #345
• Migrated to ComputerManagementDsc #342
• Fixed #358: Update PowerSTIG Duplicate Rule handling and capability

Added the following STIG

• Windows Defender V1R4 #344

UPDATES

• Fixed #350: Updates to fix Skip rules not working correctly
• Fixed #348: Update to DnsServer Schema to correct typo.

NEW

• Introduces class support for each rule type
• The STIG class now contains an array of rule objects vs xml elements
• Orgsettings, Exceptions, and Rule skips are all supported by the Rule base class
• Rule help is provided for any loaded rule.
  • See the wiki for more information.
• Major code refactor to simplify maintenance and usage
• [Breaking Change] The STIG class constructor no longer accepts Orgsettings, Exceptions, or Rule skips
  • That functionality has move to the load rule method
• DSC composite resource parameter validation for version numbers has been removed
  • The STIG class validates all input and will throw an error if invalid data is provided.
• The Get-StigList has be updated and renamed to Get-Stig to return the STIG class

UPDATES

• Fixed #241: [WindowsFeatureRule] PsDesiredStateConfiguration\WindowsOptionalFeature doesn't properly handle features that return $null

• Fixed #258: New-StigChecklist will not accept a path without an explicit filename

• Fixed #243: [V-46515] Windows-All-IE11-1.15 Rawstring typo

• Fixed #289: Updated DocumentRule and DocumentRuleConvert Classes to parse correctly.

• Fixed #284: [V-74415] [V-74413] Windows 10 STIG rule V-74415 and V-74413 should not contain white space in key

• Fixed 290: [V-76731] IIS Server STIG V-76731 fails to properly set STIG guidance because rule is not split.

• Fixed 314: Update PowerSTIG to Utilize LogTargetW3C parameter in xWebAdministration 2.5.0.0.

• Fixed 334: Update PowerStig to utilize AccessControlDsc 1.3.0.0

• Fixed 331: 2012/R2 [V-39325] 2016 [V-73373], [V-73389] PermissionRule.Convert CheckContent Match Parser Update

• Fixed 320: IIS Site STIG doesn't correctly convert STIGS that contain "SSL Settings" in raw string

• Added the following STIGs

  • IIS Site 8.5 V1R6 #276
  • Windows Firewall STIG V1R7 #319

• Removed the following STIGs

  • Windows Server 2012 R2 DC 2.12
  • Windows Server 2012 R2 DSN 1.7
  • Active Directory Domain 2.9
  • IIS Server 8.5 1.3
  • IIS Site 8.5 1.2
  • Removed: Internet Explorer 1.13

• Fixed #244: IIS Server rule V-76727.b org setting test fails

• Fixed #246: IIS Server rule V-76737 contains an incorrect value

• Fixed #225: Update PowerStig integration tests to consolidate duplicate code.

• Fixed #160: PowerStig.Convert needs to handle new registry rules without affecting existing code

• Fixed #201: Update PowerStig integration tests to account for skips and exceptions.

• Fixed #260: FireFox Composite Resource configuration applies correctly, but never passes a Test-DscConfiguration.

• Fixed #244: IIS Server rule V-76727.b org setting test fails

• Fixed #265: Fixed UserRightsAssignment split rule bug.

• Fixed #267: Fixed winlogon registry path parser bug.

• Fixed #238: Adds regex tracker for RegistryRule regex's.

• Fixed #274: UserRightsAssignment composite resource does not leverage the Force Parameter.

• Fixed #280: HKEY_CURRENT_USER is not needed with the cAdministrativeTemplateSetting composite resource.

• Windows Server 2012R2 Fixes

  • V-36707 is now an org setting
  • (DC only) V-2376 - V-2380 are migrated from manual to account policy rules.

• Added the following STIGs

  • SQL Server 2016 Instance V1R3 #186
  • Windows Defender Antivirus V1R4 #236
  • Mozilla Firefox V4R24 #261
  • Windows Server 2016 V1R6 #169
  • Windows Server 2016 V1R7 #251
  • SQL Server 2012 Database V1R18 #263
  • Windows Server 2012R2 DC V2R15 #267
  • Windows 10 V1R16 #269
  • IIS Server 8.5 V1R6 #256
  • Windows Server 2016 V1R6 #169
  • Windows Server 2016 V1R7 #251
  • Windows Server 2012R2 DNS V1R11 STIG #265
  • AD Domain V2R12 #270

• Fixed #215: Org settings wont apply for DotNet STIG
• Fixed #216: DotNet STIGs are misnamed
• Fixed #207: SQL Server Database rules fail to apply
• Fixed #208: Update PowerSTIG to use SQLServerDsc 12.1.0.0
• Fixed #220: Update PowerSTIG to use xWebAdministration 2.3.0.0

• Fixed #212: SDDL strings are incorrectly split in the xRegistry resource
• Fixed #180: IisSite SkipRuleType and SkipRule fail to skip rules

• Windows 10 Fixes

  • V-63795 - Changed from manual to registry rule ## HIGH IMPACT CHANGE ##

• Windows Server 2012R2 Fixes

  • V-1089 - Corrected text
  • V-21954 - Changed from manual to registry rule ## HIGH IMPACT CHANGE ##
  • V-26070 - Corrected key path
  • V-36657 - Corrected key path
  • V-36681 - Corrected key path

• Added the following STIGs

  • IIS Server 8.5 STIG V1R5
  • Microsoft Outlook 2013 STIG V1R13
  • DotNet Framework 4.0 STIG V1R6
  • IIS Site 8.5 STIG V1R5
  • Windows Domain V2R11
  • FireFox 4.23 STIG
  • Windows Server 2012R2 DC V2R14
  • Windows Server 2012R2 MS V2R14
  • Windows 10 V1R15

• Added the following STIGs

  • IIS Site 8.5 STIG V1R2
  • IIS Site 8.5 STIG V1R3
  • Oracle JRE 8 STIG V1R5
  • Microsoft Outlook 2013 STIG V1R12
  • Microsoft PowerPoint 2013 Stig V1R6
  • Microsoft Excel 2013 STIG V1R7
  • Microsoft Word 2013 STIG V1R6

• Added the following DSC Composite Resources

  • Microsoft Office 2013 STIGs
  • FireFox STIG
  • IIS Site STIG
  • IIS Server STIG
  • Oracle JRE STIG
  • Windows10 STIG

• Newly required modules

  • PolicyFileEditor
  • FileContentDsc
  • WindowsDefenderDSC
  • xWebAdministration
  • xWinEventLog

• Updated required module versions

  • xDnsServer from 1.9.0.0 to 1.11.0.0
  • SecurityPolicyDsc from 2.2.0.0 to 2.4.0.0

• Migrated Composite resources to the xRegistry resource
• Fixed 2012R2 V-15713 default org setting value
• Updated IE STIGs (V-46477) with the decimal value
• Updated New-StigCheckList to output StigViewer 2.7.1 ckl files
• Added SkipRule functionality to all composite resources
• Added StigData for FireFox STIG V4R21
• Added Sql2012 1.17 to Archive and processed
• Updated Sql2012 1.16 to fix broken rules
• Removed Sql2012 1.14 from archives to comply with n-2 version policy
• Updated data for 2012R2 Stigs to fix broken rules