ࡱ>  g2\p Christa Bator Ba=    ThisWorkbook=xL;E$8@"1Arial1Calibri1Calibri1Calibri1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Arial1 Calibri1Calibri14Calibri1Calibri1 Arial14Calibri1<Calibri1 Calibri1 Verdana1Calibri1Calibri1 Calibri1Calibri14Calibri1 Calibri1Calibri1Calibri1,8Calibri18Calibri18Calibri1 Arial1>141<Calibri1Arial1?Calibri1h8Cambria1Calibri1 Calibri1 Arial1<Arial1 Arial1Tahoma"$"#,##0_);\("$"#,##0\)!"$"#,##0_);[Red]\("$"#,##0\)""$"#,##0.00_);\("$"#,##0.00\)'""$"#,##0.00_);[Red]\("$"#,##0.00\)7*2_("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_).))_(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_) m/d/yyyy;@,'[<=9999999]###\-####;\(###\)\ ###\-####0.0"Yes";"Yes";"No""True";"True";"False""On";"On";"Off"],[$ -2]\ #,##0.00_);[Red]\([$ -2]\ #,##0.00\)                                                                                                                                                                                                                                             , , 6 6 6 6 6 6 6 6 6 6                                 *                        6 6 6 6 6 6 6 6 6 6      , ,                  4 4 4 4 4 4 4 4 4 4            (                         ff  ff ff ff ff ff ff ff ff ff ff +  )  ,  *  8 8 8 8 8  8          * * * * * * * * * * P  P@ @  P@ @  P@ @  P@ @  P@ @  P  P  P  P  P  P !   @ @  @ @  @ @  @ @  @ @ !      "   #             $ `  `  `  `  `  `  `  `  `  `  `  ( %                                                                                                                                                                                                                                                        &  &                                                                                                                                                                                                                                                                                                                                                                '     (  ) a>  a@ 6  a@ 6 *             @ 4 4?  0  0 4      x? 7  x@ 7  x7  x? @   x  x@   x@   x    P  x? ?   x@ ?   x?   x?  x, x? , x@ , x, x? ? , x@ ? , x? ,  x? ,  x@ ,  x,     @ ? ,   ? ,    ,   @ ,   ,   @ ,   ,   @ ,  ? ,   @ ,   , ? ?  @ ?  ?   ? @   @  ?  @   ? 7 @ 7 7 ?   &@  & &@  +  ? , @ , , &@  &@  @  &@  &@  @ , "   @ 7  7  ? @     @   @      ? 7 ? , @ , ,  ,@ ?  ,?  ,  , ,@  -?  -@  - ? ?  @ ?  ?   ? ?   @ ?   ?  ?  @    ?  ?  @    ?   @    ? @   @  ? ?  @ ?  ?   ? @     @  ? @   ? @   @  ? @   @   ?   @    ,     ?  &@  &@    ? ? ,  ? @ , & ? @ ,    8  A#x  !,8  A#<  1A#|  1A#<  A#8  !,8?  A#8?  A#x?  1A#<?  !,8@ @   A#x@ @   ?   ?    8   x? ?  x@ ?  x?   x? @   x?   ? ?   @ ?   `@ ?   ?  8? @  8 8 @   h? ?   `@ ?   ` ?   `  x? ?   x@ ?   x ?   @   h?   `@   `   h@   h  x?, x,  x,  x!, p?, p, x@  8? 8 4  4! 8! 8!  <!  40% - Accent2 5?40% - Accent2 6@ 40% - Accent3M' 40% - Accent3 L %A40% - Accent3 2B40% - Accent3 3C40% - Accent3 4D40% - Accent3 5E40% - Accent3 6F 40% - Accent4M+ 40% - Accent4 L %G40% - Accent4 2H40% - Accent4 3I40% - Accent4 4J40% - Accent4 5K40% - Accent4 6L 40% - Accent5M/ 40% - Accent5 L %M40% - Accent5 2N40% - Accent5 3O40% - Accent5 4P40% - Accent5 5Q40% - Accent5 6R 40% - Accent6M3 40% - Accent6  Lմ %S40% - Accent6 2T40% - Accent6 3U40% - Accent6 4V40% - Accent6 5W40% - Accent6 6X 60% - Accent1M 60% - Accent1 23 %Y60% - Accent1 2Z60% - Accent1 3[60% - Accent1 4\60% - Accent1 5]60% - Accent1 6^ 60% - Accent2M$ 60% - Accent2 23ږ %_60% - Accent2 2`60% - Accent2 3a60% - Accent2 4b60% - Accent2 5c60% - Accent2 6d 60% - Accent3M( 60% - Accent3 23כ %e60% - Accent3 2f60% - Accent3 3g60% - Accent3 4h60% - Accent3 5i60% - Accent3 6j 60% - Accent4M, 60% - Accent4 23 %k60% - Accent4 2l60% - Accent4 3m60% - Accent4 4n60% - Accent4 5o60% - Accent4 6p 60% - Accent5M0 60% - Accent5 23 %q60% - Accent5 2r60% - Accent5 3s60% - Accent5 4t60% - Accent5 5u60% - Accent5 6v 60% - Accent6M4 60% - Accent6  23 %w60% - Accent6 2x60% - Accent6 3y60% - Accent6 4z60% - Accent6 5{60% - Accent6 6 |Accent1AAccent1 O %} Accent1 - 20%~ Accent1 - 40% Accent1 - 60%Accent1 - 60% 2 Accent1 2 Accent1 2 2 Accent1 3 Accent1 3 2 Accent1 4 Accent1 4 2 Accent1 5 Accent1 5 2 Accent1 6 Accent1 6 2 Accent2A!Accent2 PM % Accent2 - 20% Accent2 - 40% Accent2 - 60%Accent2 - 60% 2 Accent2 2 Accent2 2 2 Accent2 3 Accent2 3 2 Accent2 4 Accent2 4 2 Accent2 5 Accent2 5 2 Accent2 6 Accent2 6 2 Accent3A%Accent3 Y % Accent3 - 20% Accent3 - 40% Accent3 - 60%Accent3 - 60% 2 Accent3 2 Accent3 2 2 Accent3 3 Accent3 3 2 Accent3 4 Accent3 4 2 Accent3 5 Accent3 5 2 Accent3 6 Accent3 6 2 Accent4A)Accent4 d % Accent4 - 20% Accent4 - 40% Accent4 - 60%Accent4 - 60% 2 Accent4 2 Accent4 2 2 Accent4 3 Accent4 3 2 Accent4 4 Accent4 4 2 Accent4 5 Accent4 5 2 Accent4 6 Accent4 6 2 Accent5A-Accent5 K % Accent5 - 20% Accent5 - 40% Accent5 - 60%Accent5 - 60% 2 Accent5 2 Accent5 2 2 Accent5 3 Accent5 3 2 Accent5 4 Accent5 4 2 Accent5 5 Accent5 5 2 Accent5 6 Accent5 6 2 Accent6A1Accent6  F % Accent6 - 20% Accent6 - 40% Accent6 - 60%Accent6 - 60% 2 Accent6 2 Accent6 2 2 Accent6 3 Accent6 3 2 Accent6 4 Accent6 4 2 Accent6 5 Accent6 5 2 Accent6 6 Accent6 6 2Bad9Bad  % Bad 2 Bad 2 2 Bad 3 Bad 3 2 Bad 4 Bad 4 2 Bad 5 Bad 5 2 Bad 6 Bad 6 2 Bold Calculation Calculation  }%  Calculation 2Calculation 2 2 Calculation 3Calculation 3 2 Calculation 4Calculation 4 2 Calculation 5Calculation 5 2 Calculation 6Calculation 6 2 Check Cell Check Cell  %????????? ??? Check Cell 2Check Cell 2 2 Check Cell 3Check Cell 3 2 Check Cell 4Check Cell 4 2 Check Cell 5Check Cell 5 2 Check Cell 6Check Cell 6 2 Comma( Comma [0]&Currency. Currency [0] Emphasis 1 Emphasis 1 2 Emphasis 2 Emphasis 2 2 Emphasis 3 Emphasis 3 2Explanatory TextG5Explanatory Text %Explanatory Text 2Explanatory Text 3Explanatory Text 4Explanatory Text 5Explanatory Text 6 Good;Good  a% Good 2 Good 2 2 Good 3 Good 3 2 Good 4 Good 4 2 Good 5 Good 5 2 Good 6 Good 6 2 Heading 1G Heading 1 I}%O Heading 1 2 Heading 1 3 Heading 1 4 Heading 1 5 Heading 1 6 Heading 2G Heading 2 I}%? Heading 2 2 Heading 2 3 Heading 2 4 Heading 2 5 Heading 2 6 Heading 3G Heading 3 I}%23  Heading 3 2! Heading 3 3" Heading 3 4# Heading 3 5$ Heading 3 6% Heading 49 Heading 4 I}%& Heading 4 2' Heading 4 3( Heading 4 4) Heading 4 5* Heading 4 6+4 Hyperlink  , Hyperlink 2- Hyperlink 3 .InputuInput ̙ ??v%  /Input 2 0Input 3 1Input 4 2Input 5 3Input 64 Linked CellK Linked Cell }%5 Linked Cell 26Linked Cell 2 27 Linked Cell 38Linked Cell 3 29 Linked Cell 4:Linked Cell 4 2; Linked Cell 5<Linked Cell 5 2= Linked Cell 6>Linked Cell 6 2? My Normal @NeutralANeutral  e%A Neutral 2B Neutral 3C Neutral 4D Neutral 5E Neutral 6"NormalF Normal 10G Normal 10 2H Normal 10 3I Normal 10 4J Normal 10 5K Normal 100L Normal 100 2M Normal 101N Normal 101 2O Normal 102P Normal 102 2Q Normal 103R Normal 103 2S Normal 104T Normal 104 2U Normal 105V Normal 105 2W Normal 106X Normal 106 2Y Normal 107Z Normal 107 2[ Normal 108\ Normal 108 2] Normal 109^ Normal 109 2_ Normal 11` Normal 11 2a Normal 110b Normal 110 2c Normal 111d Normal 111 2e Normal 112f Normal 112 2g Normal 113h Normal 113 2i Normal 114j Normal 114 2k Normal 115l Normal 115 2m Normal 116n Normal 116 2o Normal 117p Normal 117 2q Normal 118r Normal 118 2s Normal 119t Normal 119 2u Normal 12v Normal 12 2w Normal 12 3x Normal 12 4y Normal 12 5z Normal 120{ Normal 120 2| Normal 121} Normal 121 2~ Normal 122 Normal 122 2 Normal 123 Normal 123 2 Normal 124 Normal 124 2 Normal 125 Normal 125 2 Normal 126 Normal 126 2 Normal 127 Normal 127 2 Normal 128 Normal 128 2 Normal 129 Normal 129 2 Normal 13 Normal 13 2 Normal 13 3 Normal 13 4 Normal 13 5 Normal 130 Normal 130 2 Normal 131 Normal 131 2 Normal 132 Normal 132 2 Normal 133 Normal 133 2 Normal 134 Normal 134 2 Normal 135 Normal 135 2 Normal 136 Normal 136 2 Normal 137 Normal 137 2 Normal 138 Normal 138 2 Normal 139 Normal 139 2 Normal 14 Normal 14 2 Normal 14 3 Normal 14 4 Normal 14 5 Normal 140 Normal 140 2 Normal 141 Normal 141 2 Normal 142 Normal 142 2 Normal 143 Normal 143 2 Normal 144 Normal 144 2 Normal 145 Normal 145 2 Normal 146 Normal 146 2 Normal 147 Normal 147 2 Normal 148 Normal 148 2 Normal 149 Normal 149 2 Normal 15 Normal 15 2 Normal 15 3 Normal 15 4 Normal 15 5 Normal 150 Normal 150 2 Normal 151 Normal 151 2 Normal 152 Normal 152 2 Normal 153 Normal 153 2 Normal 154 Normal 154 2 Normal 155 Normal 155 2 Normal 156 Normal 156 2 Normal 157 Normal 157 2 Normal 158 Normal 158 2 Normal 159 Normal 159 2 Normal 16 Normal 16 2 Normal 160 Normal 160 2 Normal 161 Normal 161 2 Normal 162 Normal 162 2 Normal 163 Normal 163 2 Normal 164 Normal 164 2 Normal 165 Normal 165 2 Normal 166 Normal 166 2 Normal 167 Normal 167 2 Normal 168 Normal 168 2 Normal 169 Normal 169 2 Normal 17 Normal 17 2 Normal 170 Normal 170 2 Normal 171 Normal 171 2 Normal 172 Normal 172 2 Normal 173 Normal 173 2 Normal 174 Normal 174 2 Normal 175 Normal 175 2 Normal 176 Normal 176 2 Normal 177 Normal 177 2 Normal 178 Normal 178 2 Normal 179 Normal 179 2 Normal 18 Normal 18 2 Normal 18 3 Normal 18 4  Normal 18 5  Normal 180  Normal 180 2  Normal 181  Normal 181 2 Normal 182 Normal 182 2 Normal 183 Normal 183 2 Normal 184 Normal 184 2 Normal 185 Normal 185 2 Normal 186 Normal 186 2 Normal 187 Normal 187 2 Normal 188 Normal 188 2 Normal 189 Normal 189 2 Normal 19 Normal 19 2  Normal 190! Normal 190 2" Normal 191# Normal 191 2$ Normal 192% Normal 192 2& Normal 193' Normal 193 2( Normal 194) Normal 194 2* Normal 195+ Normal 195 2, Normal 196- Normal 196 2. Normal 197/ Normal 197 20 Normal 1981 Normal 198 22 Normal 1993 Normal 199 2 4Normal 25 Normal 2 26 Normal 2 2 27Normal 2 2 2 50@Normal 2 2 2 50 8 Normal 2 2 39 Normal 2 2 76< Normal 2 2 76 : Normal 2 3; Normal 20< Normal 20 2= Normal 20 3> Normal 20 4? Normal 20 5@ Normal 200A Normal 200 2B Normal 201C Normal 201 2D Normal 202E Normal 202 2F Normal 203G Normal 203 2H Normal 204I Normal 204 2J Normal 205K Normal 205 2L Normal 206M Normal 206 2N Normal 207O Normal 207 2P Normal 208Q Normal 208 2R Normal 209S Normal 209 2T Normal 21U Normal 21 2V Normal 21 3W Normal 21 4X Normal 21 5Y Normal 210Z Normal 210 2[ Normal 211\ Normal 211 2] Normal 212^ Normal 212 2_ Normal 213` Normal 213 2a Normal 214b Normal 214 2c Normal 215d Normal 215 2e Normal 216f Normal 216 2g Normal 217h Normal 217 2i Normal 218j Normal 218 2k Normal 219l Normal 219 2m Normal 22n Normal 22 2o Normal 220p Normal 220 2q Normal 221r Normal 221 2s Normal 222t Normal 222 2u Normal 223v Normal 223 2w Normal 224x Normal 224 2y Normal 225z Normal 225 2{ Normal 226| Normal 226 2} Normal 227~ Normal 227 2 Normal 228 Normal 228 2 Normal 229 Normal 229 2 Normal 23 Normal 23 2 Normal 23 3 Normal 23 4 Normal 23 5 Normal 230 Normal 230 2 Normal 231 Normal 231 2 Normal 232 Normal 232 2 Normal 233 Normal 233 2 Normal 234 Normal 234 2 Normal 235 Normal 235 2 Normal 236 Normal 236 2 Normal 237 Normal 237 2 Normal 238 Normal 238 2 Normal 239 Normal 239 2 Normal 24 Normal 24 2 Normal 240 Normal 240 2 Normal 241 Normal 241 2 Normal 242 Normal 242 2 Normal 243 Normal 243 2 Normal 244 Normal 244 2 Normal 245 Normal 245 2 Normal 246 Normal 246 2 Normal 247 Normal 247 2 Normal 248 Normal 248 2 Normal 249 Normal 249 2 Normal 25 Normal 25 2 Normal 250 Normal 250 2 Normal 251 Normal 251 2 Normal 252 Normal 252 2 Normal 253 Normal 253 2 Normal 254 Normal 254 2 Normal 255 Normal 255 2 Normal 256 Normal 256 2 Normal 257; Normal 257 % Normal 257 2 Normal 258 Normal 258 2 Normal 258 3 Normal 26 Normal 26 2 Normal 27 Normal 27 2 Normal 28 Normal 28 2 Normal 28 3 Normal 28 4 Normal 28 5 Normal 29 Normal 29 2 Normal 29 3 Normal 29 4 Normal 29 5 Normal 3 Normal 3 2 Normal 3 3 Normal 3 4 Normal 3 5 Normal 3 6; Normal 3 6 % Normal 30 Normal 30 2 Normal 31 Normal 31 2 Normal 32 Normal 32 2 Normal 33 Normal 33 2 Normal 34 Normal 34 2 Normal 35 Normal 35 2 Normal 36 Normal 36 2 Normal 37 Normal 37 2 Normal 38 Normal 38 2 Normal 39 Normal 39 2 Normal 4 Normal 4 2 Normal 4 3 Normal 4 4 Normal 40 Normal 40 2 Normal 41 Normal 41 2 Normal 42 Normal 42 2 Normal 43 Normal 43 2 Normal 44 Normal 44 2 Normal 45 Normal 45 2 Normal 46 Normal 46 2 Normal 47 Normal 47 2 Normal 48 Normal 48 2 Normal 49 Normal 49 2 Normal 5 Normal 50  Normal 50 2  Normal 51  Normal 51 2  Normal 52  Normal 52 2 Normal 53 Normal 53 2 Normal 54 Normal 54 2 Normal 55 Normal 55 2 Normal 56 Normal 56 2 Normal 57 Normal 57 2 Normal 58 Normal 58 2 Normal 59 Normal 59 2 Normal 6 Normal 6 2 Normal 60 Normal 60 2  Normal 61! Normal 61 2" Normal 62# Normal 62 2$ Normal 63% Normal 63 2& Normal 64' Normal 64 2( Normal 65) Normal 65 2* Normal 66+ Normal 66 2, Normal 67- Normal 67 2. Normal 68/ Normal 68 20 Normal 691 Normal 69 2 2Normal 73 Normal 7 24 Normal 7 35 Normal 7 46 Normal 7 57 Normal 708 Normal 70 29 Normal 71: Normal 71 2; Normal 72< Normal 72 2= Normal 73> Normal 73 2? Normal 74@ Normal 74 2A Normal 75B Normal 75 2C Normal 76D Normal 76 2E Normal 77F Normal 77 2G Normal 78H Normal 78 2I Normal 79J Normal 79 2 KNormal 8L Normal 80M Normal 80 2N Normal 81O Normal 81 2P Normal 82Q Normal 82 2R Normal 83S Normal 83 2T Normal 84U Normal 84 2V Normal 85W Normal 85 2X Normal 86Y Normal 86 2Z Normal 87[ Normal 87 2\ Normal 88] Normal 88 2^ Normal 89_ Normal 89 2 `Normal 9a Normal 9 2b Normal 9 3c Normal 9 4d Normal 9 5e Normal 90f Normal 90 2g Normal 91h Normal 91 2i Normal 92j Normal 92 2k Normal 93l Normal 93 2m Normal 94n Normal 94 2o Normal 95p Normal 95 2q Normal 96r Normal 96 2s Normal 97t Normal 97 2u Normal 98v Normal 98 2w Normal 99x Normal 99 2 yNoteb Note   zNote 2 {Note 2 2 |Note 2 3 }Note 2 4 ~Note 3 Note 3 2 Note 4 OutputwOutput  ???%????????? ??? Output 2$Percent Sheet Title Title1Title I}% Title 2 TotalMTotal %OO Total 2 Total 2 2 Warning Text? Warning Text %Warning Text 2Warning Text 2 2Warning Text 2 2 2Warning Text 2 3Warning Text 2 3 2Warning Text 3Warning Text 3 2Warning Text 3 2 2Warning Text 3 3Warning Text 4Warning Text 4 2XTableStyleMedium2PivotStyleLight16`' DashboarddDResults\ Instructionsv Test CasesBAppendixR Change Log&!  ;   ;   ;   ;*   ;7   =  ;   ;8fVf@ @ 8(5b-!ODw30@Gbe n!ODw30@GbePNG  IHDR<qsBIT|d IDATx^}``SJsH JH" btJww `ynw]^O9f3 o7𿴾gN3ڍR+[V]ò2 -EcYt޸!V66+-{mUu?RN}>_:ϭ՛ֳ*իd~=qك۽rn}L=Q"))),g%6$.(~f8x|G=1%1 ";KaL!w8يZdy(%,"ZBf鴵(4\JV-- 8+x9|o=ywOևo1|WFo9h4dqp56kWP8>7J( })ᑱ'$8\t"\&{r9|)4 JSkWMjJBve |>xW?3_T;F ߶3>b'{j-&VK)Xܒ[wBD86XۊNORK,"*JKz[6,goóIF7x,bڮ~)w-έf0aC[cwnݱHGbo^rΓƠw @?"< /7*kTK7e+600hGK/)Xj\Ir`7VFd 0|˗0o[мl;޻u3~Y+## ݈Je-NJ*"ݛ֔ƕ}&0X !%?"c6^^^jR]J|K8gK keeج_)eݬtTz_XAz VWӻE- f|rJH19&UDG.LXDI${J30 o"Ψ"zɪ}`2E]Wz-%;Yj?`}ŔwX#IoG>m eŻO0q{He,H}Hs$M^xaRTŊ2uYuB:DY:i_#?; CG-C`סO/spCnO 5 ~`_o]Gɗv" ^żd\צҶ{>?Հ܉5~vyd~D7Gt1痲sH~uwC:Ke\x+D⁰仡]doP_Kh$Rĭ{V;ӆu.2%FZV/'͖% ˹γWeEnߌF ߢ^i߶1Xg!Oi ^ ],&Z׷uW|g[kko^3cuDBy䎋c^84$ٓ$fljK2 {K@=yB bSIݭj4Ho M 7tl+I]'eڢmK:345P5g 8}LEloun탽l'011XO%R`~C)T4j6`9kEr$X}Pa\Zש$H(I cz8߮إmS} zH 1yVvd[=q3@ӍQnT.zLM!L?t8w9 o =nI̝w0_k;#|O:sAS{:h|чZV/+-G dJ2/&>nW Zʜ-G,<0ƯS,9$r%t_E zs,>tml+f|%_ D>⵼Nп 6?O?Q U;PA2 Rȥ  xH"}ֿ8Y **!mGȗ)Xv9;[2 lCsӹVB+N?0].]~ÜU*&0 JDRP|hkeܜ `Rcf>$ɪ7<+Ae 0G2$;Ag2HI9)Cț~ue)ɛ~% ϟfB x%> soL=yDAwym]0Mo* ;^AV}4@y%$_kn)nBa`X*rGvLIaZ7MeΓr;ުƁewi Gk@?(6lĈ>[  :@dߍ_̇Judߜ|`2CFK~r כ߭C7qd7iS'iO]xG~B/-xݨ_'tq/ : 76wɟkk&%мO_H_)otCw%yrn(35GA,ÿ[.Q5Q7 #z1oP/_ݓ^ع}{G_WuymfK>oLӘs,z`K0St@_TGb1M)C( DB? U[+H H)W&rD!wzC'E,jQ!|@~X3Jj8oveqr-5'k{N;u`BD0w|6&_/HLQEz6)VմѷPEGk8:L`Xxn7*-ںx:?`06ʖ/]JBݦU:o;(c025^5ߐW^HX]o+Z~[ L2}r ׃GOltc!9pŰ>*@H%kPHipA% oՓmWI~.͔ݫxm3sp2 s5=Z~m7-'/hX 0/ЭGMv}9Đz_H7.x|˄ߍPmCiiX~z~e$5 篷+vK , 8.O @/eLL:mkWP )gYI4 ͰNV]Jκ <4( yHcown,KiKR.S%CA|X/ʬ]"ƮN=e 4BkۦCmQsosY rdCgL͸7b-\w,1ֵ g_C&i]cPH.s)\,H_ ` `d?6J0R< `>E Hf{p0g+x|Wl9w&P#0Y):4&t/ޒUx`p KƆH:C̃D% B65gn/zbAf> rfҤ 5QGkeJV=yw̍:@?Co2A0ߏzECs=5vxz/(sL8e{N 5lXouUy$]J>гm$&.@=>+ e㴑pV,/Ni46!opu1A#6hվYk!^>x+?g찭Sg& >k˼AV#5\=n , `jF_l^Sz4.;ay~860KH[谺gK^?10zai ,X`g+~ !T@=%__ӄ)0.MgJ?{w_ md %d|?Tω4W&fv򛡆5kWOMҼV`|Ń94ss1Xbk3Ǒ%;aA*A)>~]jJ2|5rQ NP<s4Dn~(& s T/n{~փLZkO tGY}:hCy>}ʲ,尪P?$ڲT2mնĹ;帿7ρ%綊<\M:Nއ\)g mݍ!M}*ǻa^& Cwlp h:M&i <1T0,٥0h%=}jwJ->܌W.~ܨջN)TSL_eI󷾕4T+(.(JVOck>[ &~}@vE-&>SkZU;Gk|Oy.^-_}/.7{2 \ƞ#QJϵRuVzg7 , 'Icp\>{31݇Ӂr²Ѳֽ|5ea';+价!97WQ͚:j9= 9Hh#Eo Q5cJ?q7$__ >ytik>}fvX6~D!+7P^Mcҋڜa""=YbHD~:,?wE )x"`3QitOU|*Za(t( IيfsI[ݣ?H Caֿ>V |38c({7SB#˱fKZux=IdkOADtuiL_M`7( F0Q.bJM@ 8Jp#iN5f dv_ ܼf-to![(d%B=?~$ab夡Sߕ [g EKֽkbw5oڜrq߹V@G߁;pdP'W3 V\֧\p j`iûɅ[e1kUJ!|> =m*˟̼60oT~[`GX#HJE9/,*`Wf$zl(, Owz<ȑrꮭ| @/faj>p6+`,.J z_U]j2!O0q1CpVG>@o&wpi ';b%'Vi- l?{쫈<(|1Q5*+ i|֭SޘA8>RɈ1R ݧ%H}V陫a*mհ zIzFH$2ZL6~怖If{ŠLep[I<@gx`Mn·!ǾXb+uCױqɺ8YFá Kf# `yW+FGm5d`0D?I3䑘ۿrUk|qNrg潨O1O'e\D4VC]'ĽG1Wb@\ ʋR &A*]=!u JcxN6Q 9SwT--MǟB>[ϲ4`ک53KUG^sr 4h$N=-HR_W$խ˹qSn8BƊ]ⅲ޲R%֫yc6CJMm-_{懳'җz] 1~A |P ;XrZ#?oE``]W4H^vN7K.*wFJ26~k9n ci.f6ۼ:ㇿ&VMP{U-$ރZ n=0^׶miKfu]uٻcۢ^wm[ґ݉.C-:Ȓـ &A@g u9ɌS):D*<`mFzZD.Ŗr)(Kwkr3Sj9zsx*>xKL KBwlq2s IDATbch͜{i}06DYr/lf`q1t&yU lBH͂ Cjmrŭw:]@]V@N3)y xO@8T\2H4gx br=8W/'ۏ>* qNoD=ADebk.LOt ,X-%@чR9nx$ޑB#I׃?@ouz5Z #zo.KW\rbwxS̿e"߱W!FKcXU 2q Sgl`b%mҵ)5%[[9񤸜,)Jky7ڋUJ<ɮ[ mfRiZI6R)Rk Ћ{CR{]$%%*Xiy_' ݑ̿귕:zicD{ Z50y` zOI50Oq_O[~¯fq2?a܍(=CmAJ-np6WQ: k/BztDc Ⱦ e&=]D qf֑g%,G\]AqDLEnBU)|VѮކ.aY4y6|l@ɭHjyJ ;ҥ5U>dycjjgeR PfS LBZ('91iCn u.JPa/;<~  /5&{dkgY)\`jlBJ]͸ nlKd֬QVܯ.}_G3X-+N5o_Olh b %Pa֯Jo~6lhՁX@Y'5lUd2L{g)}A<~'z2$#<-j*BPT$u{\k9~űeiK{J05ԯrq/Cc/E`鮙 k~E629DiE# FE!jee#n]Urc { &e>H x&p{jy)3褴ǪJ~ӽKM?S0y)hhfCus̪YUN lK#J.zg,Bq}ە06T\']ʑ8Y;],'$eYڥrj ì -Y1ݸAI^1Rʧ앣jQw;W5C%61EJ#-LjRyhI6lϰEڭ:Y3&Bk =^߭ | H =N*r*mՂr/aNhf2 EsoGWe4 s~|~ t`ːkB62váǰ0GR'n]!wo#& Ą6^!JUF<* P3D.+UðV&5= ԰+4h\Mmj!W g12s*\#Ћt";5Sl1֑o>~Eg(S,reל@Rm-`&@uИAQ(l7ێp3z,eZ?*;Y+S-&Hj^ҿF xjYpÙƞs:_,}%A~ ,'ˁeWW֫/wQ:= I=R>g.l:=ͦKQdP/2kf ]U,5><#؁J̴ͤ9OUbKRIu6I rH<s35`@lHy\[H]q?v.7_$ M˪넒ZKI4+6 vRf58AO3OJWdnVՕ#a"L '} qrcunצZll LO#n'gZ&v 5`SbxY}Rb t^ ߇qZԮ).A0l;N(a5w+- 6[KU PqB%-bX43 v-V>}\Sz ϗ y 8y1;58&T @ bL׺b3f*?o;.Cn,… eJBRZ)CL Ľ,y*%=H_>J%}Pf/"iڳ!8]9_ݺ[ԼZ}kXoVT5^=;o[[4Q cn*ŒPuF/j=|[miQD2S){4y*2K~eldZ$,k $p{t̩U  y]t[iKB͊ff!.B@;&6vt'Z_L_y؇^` y׬]ccVEUĻPS耭>s>N`R3}Sx+fݑH~erbKG0 *?0.^O 怅[$2) ̫b\qez ki;gzK!yGrB]/4lu(0UXZNsv͝2BkkeəP5AfGF ?AءR GZ ;N+3m僣a0Rj,-EY oX;Z'X{kI c_Δ@H=X˔@ԉ]&*Cn$!>b`Ɗ@LS[!Fc*m Dnar0X P%P [+ ˫X?ӻZˎea\n ض/6u7դ7u?Y>oXFy^?sdL\C1 8Qy4+CWbFæK=W<8R>ޜ2|Jڸl,J% d,.6GScM0 :Ex11`\wpaH Ҡb)9q%H-Kg{ 0PpƇ#!W} BNZŅ k#_s0 kuL76 [Y*&9P( gj6&TWSI24ws{>󴥘?< ǵ€ 7a bt~X$vb\\ ,4kEUulf5s`,d%(oY #,@.wϷjJG'Jg < ǰ!8:+sR@ !@I2cn' ]:,p !ϵ~'^E/멐-⠸0X`Lflu M+L֗Fe62n E4/<ɝx5udu"78jN}3ve&q݊u+~NUeHrLEjtoB JzZ1ٔ۴,U" KJBB( {!O+":IA2ֺիSF?'x S`@'xF_sQOwJ mlh5Ov`" =IWiOJە ;hQFR2xQ14o˺L2ES[#=7rS-`B#^UsS(w %:8TvrILoyt0)(ʰ7V5wHT:aߴ~J D 5Ϭ%ij,{q>P5ݼ@:6v2 0KR^Z3ݠ/u!Z|'[#z $'m6rp<~*Rui $tMAz!tz_{ߐw#bhNZq7;Yw9\~M6ȋ0Zv`0[0I4 ["%_}sx;}A W7,8H>{9<@:Co_gŒ픲K#1P6Wz|__f>?r:[S )Oa,iH鉶6(z SHi^w r*UQko!>uYmz2RU쟐Q3 T0B ?fxyS ,jQ(Z$}7'(Ld]Uw8ixfm4HѦ$Y9HYH;Pj}:%2fDZ±-H_$K[nqm T \ ~kC5v %^7da'`Yc`/`M1`SLmd2 PyO45dKuVFQrCHJK  ;L FpA&Q&zJ%|Fr\M6:A7͗*N2}_?JCr=ӡY- -_M$[bQg5L. 9CKPꑶʶz)".AU/Etå}, {Kr ̋Hh)\ܧo?YR 6æ)P=6 YVjTw%JBewlTyU v0E5=rHB| qmz {<j|SQqM?TZK: UPW.K X"yfju᯲=3 8ːr⢭3!M߉>8@Lƒ c?e;_TCn IDAT+ u NJq. >HYUqxIφ0\#I!)RUe026°s@ޫCrRYI;W^ SR5Tk& gCvW@_]%>Y$gi`֢ 3&_},GI@ dWCT7m)r/M@JwʞQlZ|Z*9oM1Fʌu1UdgITa5`i9NBԌ@:3dK%eFmTMȍV QBc|_|%PXRz (EkNε'η2Ln"^s GHjo:T8+:$' !Xh9c2`]JWA=G `k ~~fn p'@6>=Zޡ._ 2nS4L̴E?6uT: |Q0x S39YBT ;ZLCL-lM'=q`2)WYl̃XK#W>dF~J ,0LJ?N3BI%.FbƮ ]I:2U)l&3`uoo\38:4_o% @*oہzHta x]~t}<]8SV&~ژLJs1x{QN^*J'2Ep:2ZDd2np/$N^ZC^=U- Ju`>dMلVˢsbwK_8*(kȺkU uK|Z{ߑnGɩqlL^$E3Hy24EDbܛ'W:#*hEgʬC΀ԃYvkI3Iop?zh7⣑|=?K 6#nN۶l%}X:% ڽE ]Jh|cVzOouW I="SIw*uSom-j*Ҍr&h]J>v]l~!O;> 4]T&U:(V:چ|ҀP2>`\jx69H~5).b)PN@jP uc7N8w7hWweܤr$Ϯ BZ!2@Ό0o@9[%1a :+CqhpwgXH~N.aJoxhwp0:ZM,L, : 57AG'ϐ"QPEp[9 E#eMu*\2=rZu; ~,_ '?@A ʯv(.Uۿ4~^ju V"_LmG{u q\NrCMesd'*R6Q Š)j.,ڡ2׉E xӋP\q*v#ke6`UPeTJ#&Y>~R -bD@00XU_w2*3"Xq./K_RP&( W8>Of6ZOw/XB;M~5rM$g± {T.h@nCZJ zJƛB\>βb` pڌZ<h\u{2K̻k2q2 N<>N>XT=Qd`t>͢$Ac'=ض{Yt(.#vp~^j Nz"Q 5!wr^*_L׃uRǶzYx Bcsh<$ftJԌ4;C6ïҭx48mBD@n'U{k4N&2H HSJӿ8#,*x^IzKJf[EK~6qbT-ފk ‰E_,LTqgkq35K7aAGɯ>\dßٴ{w`Q/GXS1[2HT:ҰV( L~ۈ)Gpns5CUH+Y Δ_;qfث!`0A(l!'+G n? fG(G<|*C@'Mљ{T]y R9$iz٬I[fFt2 䪅)=?|7JYOt%e?!k[\)?D|#KHcqNbu9 n+uIuG4KlM/&%B@J8go%(7 ?P#S^o/c{3|SIn+CIW#Y5o;|^N]*G sF=|,ҴvuOIHV8௞8:YM6BbB}a;6Ej?4(`*t`AUРvf|[뇍HdBlCq:ӣ$ S NJϩ2hg?7iy}Ƴ-x*Y)wm ?~vX3S[[A BD#.&ݥkz<+~sdɎF0FUL؈. ppWn^NҸ->P{=JPz{խYM75d"-kxqbL5 (@`*KNM7d5YVlḽ>Jx_`@C 0}8#?A +gh4OPSTAA1/&:WJ7&Y˱`'_ _ E6Sjp@KoD&ei;PY}'8<2]:M|*fp>5E{¼1kǸy<;x>>0~15%Ė}7^Ta=5pѰ¹7??l1֧5ؘٿg$gcQDp_u7K(H|8 ~\p8;7ˑ0d֛Mn#zHO`eMY/ IUFis\U(tQ^mZ#)/khV'}N'i9{ ۧ.c\h^3ռ%+? #;6-3dN'P$ޞ!u!Bݞd;~w„-~ls A#~j8)Y5vvqTT BL*[HT !ʐ$/k 'e?E}FDA;i|YzdߝlS&x_ s7R%}[rV*ѰݸkwXط6iMN3-ŗ /9LqF*n>"?ݳ#<'e^odB_BiPxH\9.9IBaВyhh鬹`"Пud Tnh9v%hP"!p L%jipX'pCy- g8VY^w=tuZ~0e58Q0DN^4KotQT'/`]a2}>ˊ˾dASTFIx>tu .|ӜX=;߲:99*i ϭxy[)[QHzr0>`EG!9YpN#gxXRjd+ar9ҫ5IMh,S dzA]|n:Bb" e43el 8"\&&ݥ?xXfp11,M"Q=1@0dƁll>ҪS*ƺܱ<BXٚ_AE}h1B}4? @ Kӡ]CPZzugټԏU<*iEbCb53Sn>NP k%dyy)Aʅ,,Ze~B?,r+6 _ij%Ŝ׉!W@Bqw')IE.¸5zR|`e% 'HFk Ye$n1IAkV1%DͱIbT#hn0wʝvo){wK矁mTm| ><> Ѯ)eEdx>W'js /o8IU\ky\xvrYڲp!^e~s\>3|h7wmܟpTl7^ \-O$[8;,tr5%M*S˜?:E{cR#wǍPJz9-ţfBs,lj!}{bL:1c'RV2x] Q9 L8 ĘZMLM$L*K`nd7YeU)Y}=F %7-H_-wVQlgkɛ%x7!n)@#Q_FmuRN% Ut3߉3y(`PgDfrHB] !!&8^~ pW%2P8A:܏ xTENqyH (0::ā~u wmWVݳASRx!iz;m\a*8vZvCf yYE՞.{g?-i6zXyØ\7؍OBhei6M2r08yh; k'{Iw8Jm4 4dyZr|VP8LAţ3,tjA_4 f}]-,SJ), _.c RajAvX ˦T-ք:\߶|Ы kfFJU8tA_.ޮa6\Jkz2\l\JmHس}8o922 "RfISG4{S\2&Ϛ3y2kdqZWܡ%HVN:B_HJyl)NJ%aFBEeߢRi+ĬGF'*>R0PrMN+[V(i_&.6IX[Sn]oڔ6ڛ5fzF[|Cزb6LIV;qp)C2?Q q{:2zJӺ6Bk r爄\>ڔ1oW>1J_A8O:cu\~W;s@M|:6W$2)LHvxS等jJ~󅲦{rfWbu([Q1,Wd]nVA Ѹ2mLÁy,/ۼCʛU);Zc7rWhQ3}VRTO/ej`֍@PEB#0 oܞz~ d:0n~ce1.1T J0l""EiOZYN"v56a%2dQN =VtZBO*,;33g3q\ηZ]Pz"R Nϗ4W h(S}(\“ɧswt9> p(1nbMBg\DU%,st_{\p;U5&$2C>Xt6qܕP*.JiyW>dX7C:#xܒ9 s;Sz<-M BN~yy:_T[-#VzBDnʛX_4FmH6D>Jf.;f0 ˍFz:ߤgYi9ԞHV_XD̑꬙]4yΛiYU@jO#x$PӳlGϐ$f}Խf%?(cLB۞ȓc5!`~SbH?jryUU16O29p?$7J=>t$s᭒>zٖːx٬>&}Ϸ[F,zΌiVJ>],a_ӉK:Dמ#Ĥ}~S g&ӋlQS+,Zf;jF+ FL a}}⇥zy1E3IqǓ9/oQ䘟H'1S7%uHZoƢϒE-!F12*7U8u@/\X)ή3]cBYR;y 2TTog,T4ר[ǭ[b\V? /N~E:ݘɗ6Ϻ?aav` Hs X 'c 464|X$ё&Sә6sR蓉o]ÓUxJJ4&kzLߖD*CVS|KۇTlaJ0pfA36cf =Jqd_OSg3 >4ȗa@*n v׿M;v\4.Y?){S>a6~IxH 8ӈmmfpoi3ԛ,dPF.M7| x)}?o׸kn'^=v4Da"6Qu09XLZ FZR3U'YyכCfJra!_tG =||5+mkrw-RH})Lŏ;b3k6R~ѱ I&ARSޭ;Pք@RG ~uo{"jCڒ^7,ڸ۬"tdH$SggEDG65oSw;ogxZ47QV93 |Z~tweBA=0~ q0vu^6QqL¤4D˵[kz_(,Qӳ=ʟ2OuE'⟤*$[AR;w:hw:X0M68D+wL l W܁͵^=Iý?MiM]b+:G"8 JbXڞLVUw{wuVQGT'rśwt<>E)[ ?GST0\oTu0sa)?R-Ǭa=īE%2L&m6\#Ysl35w~S|HZr u&ƾ)Z~ZLMfhiۀq؊ zHnԇT́Bs{@qn[Z˼`$;pSV-:u{g p+q`+>\]oZ_}|;lP;uy) )rKLlzB^Lv:R:(i1NGjSwl Z6i@]1NrX0֯*>,E*H%,<&R/ .򩛅Mp+YV|5ެI\҇##z<2e*5B /s/bfV*]O|)3!s@[x "w.ђBWE0)c !S/T=ze$᣹f0Z!&gͶ!͂T/i{-wɘV U"7 ~StO54d C7}##-H[<$KB|ROۦkD/ g(9l O$¨V%Zc_P Yyy&~cA.%k~ӕU UD}W?sAH èlI?NDH>B'vDFYW KkH) UIwn#*iW/>9!U'/\ʰ|8P)e;>Ypʏ@3@_ET]6)h#&8؇0('F#T:Q_8A#~UJA~aifu8C ~[KÍhj*k'8W!|XBlFf$2cꂆ*{Cjbi/İʁUL@fG6P;eU#P-n&)Gi@,Iv)I?6#'dǤ:4UU~SAv )GHGy-4-|.3@U0Elv|gLj_5+ddF݅ +oq=@k#!%B[Z1yIgrŔuhl:ѻͤ(&j0pK[Y.5&[|Crf_P08m%/Q;?|cNk[Ӗ]/DXY"Y(cP(E|&SKd o]R佰 64S]ܧl1sU[8.mx^z:'}N t36XLg-|:όMp`vCHlQv>!7<0L1=u $R%GxA\s2C6sS&kc)8c bWOz Mti 9 (*O5 @TnOeEWxƔ%YP #q ƣF3fHz-vu_CZc6ij?Ԫ;S5w^!Y9S/6UnФa;kh5Xl,+{;X`N6v]Ù J?Hx~6=*N>#g5:YWCló+׌@0ݤl4`"/>txWa3c{ 4խ9G/I=-0P[ꅭYOmfJ!QKL(ؖmc\0ERM"?;XٓckS)?v/%Kw)JpL4tT+{?xʘG)c|seհ07!GBV-Z6U9$ "4˱v4˄GD _(]H.3i) (| @Q%QgK_@C)y(2 !>$ٶ< !j ;#歱;W|y4GkrH >kO*OBs3cGE+*1rz߷ [no ?h|O8h(?Q}ɼ=k%_NXK}K @i:z԰i^ BS1g}TBR$( njcQ`<.e>֥`b$&Cה5f|)-bȖ5Z3l| [$D2=a8O= ug" NjVޠtsM',85⊊e tɼ~@J0v07dx@mwbYV&)f Y7(B CJ΄/<i)@ykh>u\ꩽJ}p QvRl{kwh2"P M%!\bx2@z彗 `xH"5Z|<Σnmj VY`':1%P,߰\BϔJ}tW-_)3mznUbfr&Jbj5ݔc~'9arx/6 Q8[udU96 K:/ITH?c۾́Yl&Wv}.,ujj@R.W5"급L`Slb^c/OD`R(ՑUk-[$oyg}t-G3N"g 11r[JRLD|QG~EKaiqf N蔶N~DiҲMstpI~uuWg+T`_16Xג" @vdtyp ,9kAȥipߣ#ְݕմө<ң=bbwV&r_;I2JCy*YՃƄ,r..&`VRuQ3BBЊ-^9ζXr.畕x"x$ψߙR @n~};/ӛ.,-N$9yڛOʘ9آe?2;;\ݯo}͍4G1{;*QyxDHr;2* 'ͥ X_qDT"suC2ezSG}\IUBG#IQ9A *UMI:Ʒ])@rr"8?]bSOf4 c:m?lױ 픱>DҜ?7uf=)ҥϣ;(UWKS yKzJd /i63OdfZe{R-YS- $߻sC\6Zrjr61_AC>'*4ѥ߶mNxS[5!~U m{ti)aڷI) vFyٔ{6R()?~ܵ}\m>mz})=t^}_-̧pD'nRUh}d܇.·!:"=>j\HY'{!b6ᇂ`T6)3tlGd4s/ϔɗՄʼ@3xc՛|ʷ/B#Bk#ysUev JwXMˉ-&#vp|He`N\"D9If7,_G4IOrub ~mES^k׮١U;Jt *4i0oE@r8KQoPf*]"ʳ-O贵T,KG̽u)4G=c!ȕ9 /%x8 ޻_I=☓4Edy4SG)pxYi] Add/Remove Snap-in..."fFrom the left panel, select the "Resultant Set of Policy", click "Add" and then click "OK" to proceed.?Ensure "Logging mode" is selected and click "Next" to continue.@Ensure "This computer" is selected and click "Next to continue".Select an appropriate user account which has access to FTI. If the system is used for administrative purposes, select Administrator.;Click "Next" on the following screen to generate RSoP data.YTo execute the tests in this SCSEM manually, please perform the following steps to begin:Local Security Policy or Local Group Policy Editor should be used for settings which are not reflected in the RSoP Data Report.Export RSoP to file:rWith an account with administrative privileges, open the Command Prompt by typing "cmd" on the Windows Start Menu.QNavigate to the directory where you would like the exported file to be generated.Type "gpresult /h gpreport.html" to export the report in HTML format. The file will only contain policies which are set by the agency.1.)2.)3.)4.)5.)6.)7.)8.)OS/App Version:Security Setting ReferenceAuthor.Agency Representatives and Contact InformationLThis SCSEM was designed to comply with Section 508 of the Rehabilitation ActAgencies should use this SCSEM to prepare for an upcoming Safeguards review. It is also an effective tool for agency use as part of internal periodic security assessments or internal inspections to ensure continued compliance in the years when a Safeguards review is not scheduled. The agency can also use the SCSEM to identify the types of policies and procedures required to ensure continued compliance with IRS Publication 1075.Introduction and Purpose:tPre-populated number to uniquely identify SCSEM test cases. The ID format includes the platform, platform version dand a unique number (01-XX) and can therefore be easily identified after the test has been executed.rThe test case is executed by Interview, Examine or Test methods in accordance with the test methodology specified qin NIST SP 800-53A. In test plans where SCAP testing is available, Automated and Manual indicators are added to Wthe Test method to indicate whether the test can be accomplished through the SCAP tool.yApplicable to Microsoft Windows and Internet Explorer, this field will identify the location of the configuration setting$in the Group or Local Policy Editor.uA detailed description of the step-by-step instructions to be followed by the tester. The test procedures should be Rexecuted using the applicable NIST 800-53A test method (Interview, Examine, Test).{Applicable to Microsoft Windows and Internet Explorer, the security setting identifies the title of the setting which will Dbe found at the policy location in the Group or Local Policy Editor.zThe tester shall provide appropriate detail describing the outcome of the test. The tester is responsible for identifyingeInterviewees and Evidence to validate the results in this field or the separate Notes/Evidence field.zThe tester indicates the status for the test results (Pass, Fail, Info, N/A). "Pass" indicates that the expected results ywere met. "Fail" indicates the expected results were not met. "Info" is temporary and indicates that the test executionttest subject is not capable of implementing the expected results and doing so does not impact security. The tester 7must determine the appropriateness of the "N/A" status.ris not completed and additional information is required to determine a Pass/Fail status. "N/A" indicates that the vAs determined appropriate to the tester or as required by the test method, procedures or expected results, the tester nmay need to provide additional information pertaining to the test execution (Interviewee, Documentation, etc.)From the MMC, select "Resultant Set of Policy" and from right panel, select "More Actions > Generate RSoP Data..." to begin RSoP Wizard.YThis SCSEM was created for the IRS Office of Safeguards based on the following resources.o% IRS Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies (August 2010)|AC-21, AU-13, AU-14, CP-3, CP-8, CP-9, CP-10, IA-8, PE-9, PE-10, PE-11, PE-12, PE-13, PE-14, PE-15, PM-1, PM-3, PM-5, PM-6, zPM-7, PM-8, PM-9, PM-10, PM-11, SA-12, SA-13, SA-14, SC-16, SC-20, SC-22, SC-25, SC-26, SC-27, SC-28, SC-29, SC-30, SC-31,SC-33, SC-34, SI-8, SI-13AC-1, AC-14, AC-18, AC-19, AC-20, AC-22, AT-3, AT-4, AU-1, AU-7, AU-11, CA-1, CA-2, CA-3, CA-5, CA-6, CA-7, CM-1, CM-2, CM-3, CM-4, CM-5, CM-6, CM-7, CM-8, CM-9, CP-1, CP-2, CP-4, CP-6, IA-1, IR-3, IR-7, IR-8, MA-1, MA-2, MA-3, MA-4, MA-5, PL-1, PL-2, PL-4, PL-5, PL-6, PM-2, RA-1, RA-2, RA-3, RA-5, SA-1, SA-2, SA-3, SA-4, SA-5, SA-6, SA-7, SA-8, SA-10, SA-11, SC-1, SC-5, SC-7, SC-12, SC-15, SC-17, SC-18, SC-19, SC-32, *SI-1, SI-4, SI-5, SI-7, SI-9, SI-10, SI-11AT-1, AT-2, CP-7, IR-1, IR-2, IR-4, IR-5, IR-6, MP-1, MP-2, MP-3, MP-4, MP-5, MP-6, MP-7, PE-1, PE-2, PE-3, PE-4, PE-5, PE-6, PE-7, PE-8, PE-16,P PE-17, PE-18, PM-4, PS-1, PS-2, PS-3, PS-4, PS-5, PS-6, PS-7, PS-8, SA-9, SI-12% Expected Results% Actual Results5Obtaining Group Policy Settings in Microsoft Windows: Device Name:Office of SafeguardsInternal Revenue ServiceThe IRS strongly recommends agencies test all Safeguard Computer Security Evaluation Matrix (SCSEM) settings in a development or testenvironment prior to deployment in production. In some cases a security setting mayimpact a system s functionality and usability. Consequently,it is important to perform testing to determine the impact on system security, functionality, and usability. Ideally, the test system configurationshould match the production system configuration. Prior to making changes to the < production system, agencies should back up all critical datafiles on the system and if possible, make a full backup of the system to ensure it can be restored to its pre-SCSEM state if necessary.This SCSEM is used by the IRS Office of Safeguards to evaluate compliance with IRS Publication 1075 for agencies that have implemented Booz Allen HamiltonPolicy LocationCM-6DisabledEnabledAC-2AC-4SC-8AC-17SI-2PrintersSystem SettingsAC-3CM-2AC-11IA-5CM-7Solicited Remote AssistanceSC-9Enabled: 30 minutes or lessAU-9IA-2Account Policies GroupaComputer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout PolicyAccount lockout thresholdAC-7Account lockout durationS0 minutes (Requires manual intervention by the Administrator to unlock the account)Reset lockout counter afterZComputer Configuration\Windows Settings\Security Settings\Account Policies\Password PolicyMaximum password age590 days for standard user. 60 days for administratorMinimum password ageMinimum password length 8 charactersAdvanced Audit Policy Settings'Microsoft Solutions for Security Group YComputer Configuration\Windows Settings\Security Settings\Local Policies\Security Options9Highest protection, source routing is completely disabledSecurity OptionsIA-4Accounts: Guest account statusAC-85The warning banner is compliant with IRS guidelines and contains the following 4 elements: - the system contains US government information - users actions are monitored and audited - unauthorized use of the system is prohibited - unauthorized use of the system is subject to criminal and civil penalties.Interactive logon: Smart card removal behavior2Network access: Remotely accessible registry paths7Network access: Shares that can be accessed anonymouslyBNetwork access: Do not allow anonymous enumeration of SAM accounts0Interactive logon: Do not display last user nameBypass traverse checkingCreate global objectsAdministrators)Impersonate a client after authentication Perform volume maintenance tasksChange the system timeReplace a process level tokenIncrease scheduling priorityShut down the system"Adjust memory quotas for a processRestore files and directoriesLoad and unload device driversCreate a pagefileCreate a token object-Deny access to this computer from the network%Access this computer from the networkLock pages in memory(Take ownership of files or other objectsLog on as a batch job$Remove computer from docking station#Force shutdown from a remote systemAllow log on locallyProfile single process"Modify firmware environment valuesProfile system performanceJDeviation: IRS Publication 1075 requires specific warning banner language.Y% Internal Revenue Manual (IRM) 10.8.20, IT Security, Windows Security Policy (2/22/2012)ocomplement tests executed through the Security Content Automation Protocol (SCAP) or through manual evaluation.)Verify the current approved service pack.5The current, approved service pack will be installed.bInstruct the administrator to identify all locations on the local hard disk which could have FTI. gAll "Fail" entries are selected. Ensure the appropriate sub-folders are also included in the settings.ZComputer Configuration\Windows Settings\Security Settings\Local Policies\Security Options >Interactive Logon: Message text for users attempting to log on 60 minutes7Accounts: Rename guest account a value other than Guest$The Guest account should be renamed.GAccounts: Rename administrator account a value other than Administrator,The Administrator account should be renamed.[Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\*Password must meet complexity requirementsBSetting must be a minimum of "Send NTLMv2 response only\refuse LM".Interactive Logon: Do not require CTRL ALT DELDDomain Member: Digitally encrypt secure channel data (when possible)ADomain Member: Digitally sign secure channel data (when possible)CInteractive Logon: Prompt user to change password before expiration_System Objects: Strengthen default permissions of internal system objects (e.g. Symbolic links)Enabled:All Drives<Network access: Named pipes that can be accessed anonymously =Computer Configuration\Administrative Templates\System\Logon Security SettingsIComputer Configuration\Administrative Templates\System\Remote Assistance User Rights AssignmentkANONYMOUS LOGON; Guests; Support_388945a0; Renamed Guest Account; all non-operating system service accounts3Domain Member: Maximum Machine Account Password Age30 or less, but not 0.7Network security: Force logoff when logon hours expire DComputer Configuration\Administrative Templates\System\Group Policy +Turn Off Background Refresh of Group PolicyXComputer Configuration\Administrative Templates\Windows Components\Windows Media Player +300000 or 5 minutes (recommended) or less.@Network access: Remotely accessible registry paths and sub-paths3User must enter a password each time they use a key$System Settings: Optional SubsystemsEDomain Member: Digitally encrypt or sign secure channel data (always)@Microsoft Network Client: Digitally sign communications (always)HComputer Configuration\Windows Settings\Account Policies\Password Policy_. The title should indicate "Warning!" or equivilent."Administrators Authenticated UsersAdministrators Backup Operators>Enable computer and user accounts to be trusted for delegation7Out of Scope Controls - Unselected NIST 800-53 Controls/ % SCSEM Subject: Microsoft Windows Server 2008Microsoft Windows Server 2008 for a system that receives, stores, processes or transmits Federal Tax Information (FTI). The tests in this SCSEM WIN2K8-001SC-7Network SettingscComputer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies 6to4 StateEnabled: Disabled State WIN2K8-002`Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\ WIN2K8-003KAccounts: Limit local account use of blank passwords to console logon only WIN2K8-004 WIN2K8-005 WIN2K8-006AC-14#Act as part of the operating system\LocalSQLService WIN2K8-007.NETWORK SERVICE, LOCAL SERVICE, Administrators WIN2K8-008Administrators, Users WIN2K8-009,Allow log on through Remote Desktop Services$Administrators, Remote Desktop Users WIN2K8-010KComputer Configuration\Administrative Templates\System\Device Installation 3Allow remote access to the Plug and Play interface WIN2K8-011Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\+Always prompt for password upon connection WIN2K8-012Always use classic logon WIN2K8-013yConfigure the policy values for Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options WIN2K8-014MNetwork access: Do not allow anonymous enumeration of SAM accounts and shares WIN2K8-015AU-2Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit Audit Policy ChangeSuccess WIN2K8-016Failure WIN2K8-017"Audit Authentication Policy Change WIN2K8-018Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\!Audit Computer Account Management WIN2K8-019 WIN2K8-020Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Credential Validation WIN2K8-021 WIN2K8-022Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Syste< m Audit Policies\Object Access\Audit ob System WIN2K8-023{Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit IPSec Driver WIN2K8-024 WIN2K8-025Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\ Audit Logoff WIN2K8-026 Audit Logon WIN2K8-027 WIN2K8-028%Audit Other Account Management Events WIN2K8-029 WIN2K8-030Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Tracking\Audit Process Creation WIN2K8-031Audit Registry WIN2K8-032Audit Security Group Management WIN2K8-033 WIN2K8-034Audit Security State Change WIN2K8-035 WIN2K8-036Audit Security System Extension WIN2K8-037 WIN2K8-038Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Privilege Use\Audit Sensitive Privilege Use WIN2K8-039 WIN2K8-040Audit Special Logon WIN2K8-041Audit System Integrity WIN2K8-042 WIN2K8-043Audit User Account Management WIN2K8-044 WIN2K8-0451Audit: Audit the access to global system objects WIN2K8-0465Audit: Audit the use of Backup and Restore privilege WIN2K8-047sAudit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings WIN2K8-048CP-9Back up files and directories WIN2K8-049@Administrators Authenticated Users Local Service Network Service WIN2K8-050Administrators Local Service WIN2K8-051Change the time zone WIN2K8-052LComputer Configuration\Administrative Templates\Network\Windows Connect Now =Configuration of wireless settings using Windows Connect Now WIN2K8-053TComputer Configuration\Administrative Templates\Windows Components\Windows Defender %Configure Microsoft Spynet Reporting WIN2K8-054 WIN2K8-055 WIN2K8-0567Administrators, SERVICE, LOCAL SERVICE, NETWORK SERVICE WIN2K8-057Create permanent shared objects WIN2K8-058Create symbolic links WIN2K8-059Debug Programs WIN2K8-060UComputer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Default behavior for AutoRun +Enabled:Do not execute any autorun commands WIN2K8-061 WIN2K8-062Deny log on as a service WIN2K8-063Deny log on locallyGuests WIN2K8-064/Devices: Allow Undock Without Having to Log On WIN2K8-0655Devices: Allowed to Format and Eject Removable Media WIN2K8-0667Devices: Prevent users from installing printer drivers WIN2K8-067SI-3UComputer Configuration\Administrative Templates\Windows Components\Windows Installer 9Disable IE security prompt for Windows Installer scripts WIN2K8-068[Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting Disable Logging WIN2K8-069 Disable Windows Error Reporting WIN2K8-070Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection #Do not allow clipboard redirection WIN2K8-071"Do not allow COM port redirection WIN2K8-072Do not allow drive redirection WIN2K8-073"Do not allow LPT port redirection WIN2K8-074|Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client #Do not allow passwords to be saved WIN2K8-075+Do not allow smart card device redirection WIN2K8-0768Do not allow supported Plug and Play device redirection WIN2K8-077Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary Folders $Do not delete temp folder upon exit WIN2K8-078RDo not send a Windows error report when a generic driver is installed on a device WIN2K8-079Do not send additional data WIN2K8-080"Do Not Show First Use Dialog Boxes WIN2K8-081(Do not use temporary folders per session WIN2K8-082 WIN2K8-083 WIN2K8-084 WIN2K8-0858Domain Member: Disable Machine Account Password Changes WIN2K8-086 WIN2K8-087BDomain Member: Require Strong (Windows 2000 or Later) Session Key WIN2K8-088 WIN2K8-089CM-3"Enable user control over installs WIN2K8-090uComputer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Performance PerfTrack\Enable/Disable PerfTrack WIN2K8-091]Computer Configuration\Administrative Templates\Windows Components\Credential User Interface .Enumerate administrator accounts on elevation WIN2K8-0929Computer Configuration\Administrative Templates\Printers\;Extend Point and Print connection to search Windows Update WIN2K8-093Configure auditing on each partition/drive to audit all "Failures" for the "Everyone" group. Right click on Folder/ob, click on Properties > Security > Advanced > Auditing. WIN2K8-094 WIN2K8-095Generate security auditsLocal Service, Network Service WIN2K8-0967Administrators, Service, Local Service, Network Service WIN2K8-097Increase a process working set WIN2K8-098 WIN2K8-099 WIN2K8-100 WIN2K8-101\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options -> WIN2K8-102@Interactive Logon: Message title for users attempting to log on WIN2K8-103cInteractive Logon: Number of previous logons to cache (in case Domain Controller is not available) 2 logons or less. WIN2K8-104 5-14 days WIN2K8-105"Lock Workstation or Force Logoff . WIN2K8-106IP-HTTPS State}Enabled: Disabled State Note: "IPHTTPS URL:" must be entered in policy even if set to Disabled State, enter  about:blank . WIN2K8-107Registry Hive: HKEY_LOCAL_MACHINE Subkey: System\CurrentControlSet\Services\Tcpip6\Parameters Value Name: DisabledComponents Type: REG_DWORD Value: 0xffffffffDisable IPv6 on all interfaces.RIPv6 will be disabled until a deliberate transition strategy has been implemented. WIN2K8-108 ISATAP State WIN2K8-109CM-5 WIN2K8-110#Computer Management\Disk Management All partitions/drives use NTFS.+Local volumes will be formatted using NTFS. WIN2K8-111 WIN2K8-112\LocalLogonBatch WIN2K8-113`Computer Configuration\Administrative Templates\Windows Components\Event Log Service\ApplicationMaximum Log Size (KB) Enabled:32768 WIN2K8-114]Computer Configuration\Administrative Templates\Windows Components\Event Log Service\SecurityEnabled:196608 WIN2K8-115ZComputer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup WIN2K8-116[Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System WIN2K8-117 WIN2K8-118KMicrosoft Network Client: Digitally sign communications (if server agrees) WIN2K8-119ZMicrosoft Network Client: Send unencrypted password to connect to third-party SMB servers WIN2K8-120SMicrosoft Network Server: Amount of idle time required before suspending a session.15 minutes or less WIN2K8-121AMicrosoft Network Server: Digitally sign communications (always) WIN2K8-122KMicrosoft Network Server: Digitally sign communications (if Client agrees) WIN2K8-123EMicrosoft Network Server: Disconnect Clients When Logon Hours Expire WIN2K8-124BMicrosoft Network Server: Server SPN target name validation level Off WIN2K8-125xComputer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool`Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider WIN2K8-126 WIN2K8-127Modify an object label WIN2K8-128 WIN2K8-129?MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) WIN2K8-130iMSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) WIN2K8-131dMSS: (Disab< leIPSourceRouting) IP source routing protection level (protects against packet spoofing) WIN2K8-132QMSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes WIN2K8-133KMSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds WIN2K8-134WMSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic ;Only ISAKMP is exempt (recommended for Windows Server 2003) WIN2K8-135mMSS: (NoNameReleaseOnDemand) Allow computer to ignore NetBIOS name release requests except from WINS servers WIN2K8-136oMSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) WIN2K8-137CMSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) WIN2K8-138oMSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) 5 or less WIN2K8-139|MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) 3 or less WIN2K8-140wMSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) WIN2K8-141pMSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning 90 or less WIN2K8-142]Network access: Do not allow storage of passwords and credentials for network authentication WIN2K8-143BNetwork access: Let everyone permissions apply to anonymous users WIN2K8-144 WIN2K8-145 WIN2K8-146 WIN2K8-147DNetwork access: Restrict anonymous access to Named Pipes and Shares WIN2K8-148)Defined but containing no entries (Blank) WIN2K8-149>Network access: Sharing and security model for local accounts 0Classic  local users authenticate as themselves WIN2K8-150GNetwork Security: Allow Local System to use computer identity for NTLM WIN2K8-151:Network Security: Allow LocalSystem NULL session fallback WIN2K8-152`Network Security: Allow PKU2U authentication requests to this computer to use online identities WIN2K8-153ANetwork Security: Configure encryption types allowed for KerberosSEnabled: RC4_HMAC_MD5 AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future Encryption Types WIN2K8-154NNetwork security: Do not store LAN Manager hash value on next password change WIN2K8-155 WIN2K8-1563Network security: LAN Manager authentication level WIN2K8-1573Network security: LDAP client signing requirements Negotiate signing WIN2K8-158]Network security: Minimum session security for NTLM SSP based (including secure RPC) clients VRequire NTLMv2 session security ,  Require 128-bit encryption (all options selected). WIN2K8-159]Network security: Minimum session security for NTLM SSP based (including secure RPC) servers URequire NTLMv2 session security ,  Require 128-bit encryption (all options selected). WIN2K8-160?Configuration\Administrative Templates\System\Remote AssistanceOffer Remote Assistance WIN2K8-161 WIN2K8-162 WIN2K8-163Prevent Automatic Updates WIN2K8-164yPrevent creation of a system restore point during device activity that would normally prompt creation of a restore point WIN2K8-165JComputer Configuration\Administrative Templates\System\Device Installation0Prevent device metadata retrieval from internet WIN2K8-166MComputer Configuration\Administrative Templates\Windows Components\HomeGroup\.Prevent the computer from joining a homegroup WIN2K8-167[Computer Configuration\Administrative Templates\Windows Components\Windows Anytime Upgrade\-Prevent Windows Anytime Upgrade from running WIN2K8-168rPrevent Windows from sending an error report when a device driver requests additional software during installation WIN2K8-169kComputer Configuration\Administrative Templates\Windows Components\Windows Media Digital Rights Management *Prevent Windows Media DRM Internet Access WIN2K8-170 WIN2K8-171)Administrators, NT Service\WdiServiceHost WIN2K8-1723Prohibit Access of the Windows Connect Now wizards WIN2K8-173LComputer Configuration\Administrative Templates\Network\Network Connections UProhibit installation and configuration of Network Bridge on your DNS domain network WIN2K8-174@Prohibit non-administrators from applying vendor signed updates WIN2K8-1757Recovery Console: Allow automatic administrative logon WIN2K8-176IRecovery Console: Allow floppy copy and access to all drives and folders WIN2K8-177Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection )Redirect only the default client printer WIN2K8-178Registry Policy Processing \Enabled, and the option"Process even if the Group Policy objects have not changed selected. WIN2K8-179Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment 1Remove "Disconnect" option from Shut Down dialog WIN2K8-180PE-3 WIN2K8-1818NETWORK SERVICE, LOCAL SERVICE, WIN2K8-182YComputer Configuration\Administrative Templates\Windows Components\Windows Logon Options =Report when logon server was not available during user logon WIN2K8-183WComputer Configuration\Administrative Templates\System\Power Management\Sleep Settings 6Require a Password When a Computer Wakes (On Battery) WIN2K8-1846Require a Password When a Computer Wakes (Plugged In) WIN2K8-185KComputer Configuration\Administrative Templates\Network\Network ConnectionsBRequire domain users to elevate when setting a network's location WIN2K8-186Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security !Require secure RPC communication WIN2K8-187 Administrators, Backup Operators WIN2K8-188Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections SRestrict Remote Desktop Services users to a Single Remote Desktop Services Session WIN2K8-189MComputer Configuration\Administrative Templates\System\Remote Procedure Call ,Restrictions for Unauthenticated RPC clientsEnabled:Authenticated WIN2K8-190/Route all traffic through the internal network Enabled: Enabled State WIN2K8-191*RPC Endpoint Mapper Client Authentication WIN2K8-192'Set client connection encryption level Enabled:High Level WIN2K8-193Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits DSet time limit for active but idle Remote Desktop Services sessions WIN2K8-194)Set time limit for disconnected sessions :Enabled, with "End a disconnected session set to 1 minute WIN2K8-195 WIN2K8-196?Shutdown: Allow system to be shutdown without having to log on WIN2K8-197Search all drives for *.p12 and *.pfx files. Note: This does not apply to server-based applications that have a requirement for .p12 certificate files (e.g., Oracle Wallet Manager).*.p12 and *.pfx filesFSoftware certificate installation files will be removed from a system. WIN2K8-198HComputer Configuration\Administrative Templates\System\Remote Assistance WIN2K8-1998Specify Search Order for device driver source locations %Enabled: Do not search Windows Update WIN2K8-200*Store password using reversible encryption WIN2K8-201VSystem cryptography: Force strong key protection for user keys stored in the computer WIN2K8-202XSystem cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing WIN2K8-203ESystem Object: Require Case Insensitivity for Non-W< indows Subsystems WIN2K8-204 WIN2K8-205"Blank (Configured with no entries) WIN2K8-206`System Settings: Use Certificate Rules on Windows Executables for Software Restriction Policies WIN2K8-207 WIN2K8-208 Teredo State WIN2K8-209 WIN2K8-210rWindows 2008 - Version 6.0 (Build 6002: Service Pack 2 Windows 2008 R2 - Version 6.1 (Build 7601: Service Pack 1) WIN2K8-211 WIN2K8-212 WIN2K8-213 WIN2K8-214 WIN2K8-215Enforce password history WIN2K8-216 WIN2K8-217lComputer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Scripted Diagnostics\Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via Windows Online Troubleshooting Service - WOTS) WIN2K8-218oComputer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication(Turn off "Event Viewer Events.asp" links WIN2K8-219,Turn off Automatic Root Certificates Update WIN2K8-220Turn off AutoPlay WIN2K8-221)Turn off Autoplay for non-volume devices WIN2K8-222CComputer Configuration\Administrative Templates\System\Group Policy WIN2K8-223TComputer Configuration\Administrative Templates\Windows Components\Windows Explorer\0Turn off Data Execution Prevention for Explorer WIN2K8-224MComputer Configuration\Administrative Templates\Windows Components\RSS Feeds #Turn off downloading of enclosures WIN2K8-225QComputer Configuration\Administrative Templates\Windows Components\Game Explorer )Turn off downloading of game information WIN2K8-226/Turn off downloading of print drivers over HTTP WIN2K8-227QComputer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off game updates WIN2K8-228pComputer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communications1Turn off handwriting recognition error reporting WIN2K8-229TComputer Configuration\Administrative Templates\Windows Components\Windows Explorer (Turn off heap termination on corruption WIN2K8-230TTurn off Internet Connection Wizard if URL connection is referring to Microsoft.com WIN2K8-231ITurn off Internet download for Web publishing and online ordering wizards WIN2K8-232+Turn off Internet ob Association service WIN2K8-233cComputer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services 4Turn Off Microsoft Peer-to-Peer Networking Services WIN2K8-234Turn off printing over HTTP WIN2K8-235]Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Program Inventory WIN2K8-236FTurn off Registration if URL connection is referring to Microsoft.com WIN2K8-237.Turn off Search Companion content file updates WIN2K8-238'Turn off shell protocol protected mode WIN2K8-239(Turn off the "Order Prints picture task WIN2K8-2408Turn off the "Publish to Web" task for files and folders WIN2K8-241FTurn off the Windows Messenger Customer Experience Improvement Program WIN2K8-2429Turn off Windows Customer Experience Improvement Program WIN2K8-243!Turn off Windows Error Reporting WIN2K8-244KComputer Configuration\Administrative Templates\System\Driver Installation 4Turn off Windows Update device driver search prompt WIN2K8-245/Turn off Windows Update device driver searching WIN2K8-246VComputer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery #Turn on Mapper I/O (LLTDIO) driver WIN2K8-247"Turn on Responder (RSPNDR) driver WIN2K8-248Turn on session logging WIN2K8-249QUser Account Control: Admin Approval Mode for the Built-in Administrator account WIN2K8-250kUser Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop WIN2K8-251aUser Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent WIN2K8-252JUser Account Control: Behavior of the elevation prompt for standard users %Automatically deny elevation requests WIN2K8-253PUser Account Control: Detect application installations and prompt for elevation WIN2K8-254MUser Account Control: Only elevate executables that are signed and validated WIN2K8-255`User Account Control: Only elevate UIAccess applications that are installed in secure locations WIN2K8-256DUser Account Control: Run all administrators in Admin Approval Mode WIN2K8-257PUser Account Control: Switch to the secure desktop when prompting for elevation WIN2K8-258XUser Account Control: Virtualize file and registry write failures to per-user locations WIN2K8-259zComputer Configuration\Administrative Templates\System\Internet Communication Management\ Internet Communication settings 6Turn off Windows Movie Maker automatic codec downloads WIN2K8-260-Turn off Windows Movie Maker online Web links WIN2K8-261DTurn off Windows Movie Maker saving to online video hosting provider WIN2K8-262UComputer Configuration\Administrative Templates\Windows Components\Online Assistance Turn off Untrusted Content WIN2K8-263JComputer Configuration\Administrative Templates\Windows Components\Search !Allow indexing of encrypted files WIN2K8-264K Computer Configuration\Administrative Templates\Windows Components\Search )Enable indexing uncached Exchange folders WIN2K8-265lMSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) WIN2K8-266Anti-Virus Software/Anti-Virus Software is installed on the system.The anti-virus software is set to automatically scan the system periodically and virus definition files are current (within past 14 days). WIN2K8-267Dormant user accounts1. For a selected sample of users on the system, perform the next steps. 2. From the command line type "net user username". 3. Ensure the Last Logon Date is not greater than 60 days for privileged accounts and 90 days for normal user accounts.tAll privileged and standard user accounts have been logged in to within the past 60 days and 90 days, respectively. WIN2K8-268"Administrator rights on the system1. From the command line, type "net localgroup administrators". 2. Ensure all users are valid and supposed to be part of the Administrators group.vAll accounts listed in the Administrators group are valid and are supposed to be assigned to the Administrators group. WIN2K8-269AU-3Content of Audit Records#1. Click on "Start" 2. Click "Settings", then "Control Panel" 3. Click "Administrative Tools" 4. Click "Event Viewer" 5. Right click each log (Application, System, Security) and select Properties. 6. Verify the information captured for each audit event in the Event Viewer column headings. VThe Event Viewer captures: Type, Date, Time, Source, Category, Event, User, Computer. CCE-11356-3 CCE-10086-7 CCE-9992-9 CCE-10976-9 CCE-10747-4 CCE-10232-7 CCE-10849-8 CCE-10853-0 CCE-10858-9 CCE-11248-2 CCE-11299-5 CCE-11256-5 CCE-10027-1 CCE-10557-7 CCE-10487-7 CCE-10619-5 CCE-10112-1 CCE-10880-3 CCE-10369-7 CCE-10122-0 CCE-10897-7 CCE-11242-5 CCE-11638-4 CCE-9937-4 CCE-10770-6 CCE-10792-0 CCE-10796-1 CCE-10911-6 CCE-10915-7 CCE-11431-4 CCE-10733-4 CCE-10226-9 CCE-10750-8 CCE-10883-7 CCE-10637-7 CCE-9999-4 CCE-10343-2 CCE-11621-0 CCE-11708-5 CCE-11303-5 CCE-10600-5 CCE-11709-3 CCE-11623-6 CCE-11905-7 CCE-11517-0 CCE-11128-6 CCE-12046-9 CCE-12274-7 CCE-11584-0 CCE-11596-4 CCE-10669-0 CCE-10871-2 CCE-10875-3 CCE-10775-5 CCE-10903-3 CCE-10541-1 CCE-10618-7 CCE-10906-6 CCE-11889-3 CCE-11450-4 CCE-11976-8 CCE-10785-4 CCE-10274-9 CCE-9946-5 CCE-10548-6 CCE-9961-4 CCE-10788-8 CCE-10810-0 CCE-10673-2 CCE-10010-7 CCE-10926-4 CCE-10930-6 CCE-10573-4 CCE-10832-4 CCE-11141-9 CCE-10202-0 CCE-10955-3 CCE-10549-4 CCE-11143-5 CCE-11033-8 CCE-11717-6 CCE-11174-0 CCE-10970-2 CCE-10974-4< CCE-10838-1 CCE-10362-2 CCE-10992-6 CCE-10978-5 CCE-10983-5 CCE-10617-9 CCE-10855-5 CCE-10372-1 CCE-10567-6 CCE-10659-1 CCE-10745-8 CCE-10888-6 CCE-10732-6 CCE-10518-9 CCE-10381-2 CCE-10018-0 CCE-10653-4 CCE-10768-0 CCE-10772-2 CCE-10019-8 CCE-10804-3 CCE-10941-3 CCE-11011-4 CCE-10292-1 CCE-10297-0 CCE-10944-7 CCE-10949-6 CCE-10935-5 CCE-10940-5 CCE-10821-7 CCE-10825-8 CCE-10817-5 CCE-10812-6 CCE-10839-9 CCE-10843-1 CCE-10830-8 CCE-10588-2 CCE-10984-3 CCE-10614-6 CCE-10035-4 CCE-10040-4 CCE-11625-1 CCE-10901-7 CCE-9984-6 CCE-11298-7 CCE-10546-0 CCE-11589-9 CCE-10691-4 CCE-10544-5 CCE-11336-5 CCE-11052-8 CCE-10458-8 CCE-10193-1 CCE-11155-9 CCE-12074-1 CCE-11468-6 CCE-10370-5 CCE-10643-5 CCE-10977-7 CCE-12754-8 CCE-11997-4 CCE-10969-4 CCE-10599-9 CCE-12260-6 CCE-12088-1 CCE-11651-7 CCE-11610-3 CCE-11368-8 CCE-10805-0 CCE-12016-2 CCE-10881-1 CCE-11300-1 CCE-10715-1 CCE-11677-2 CCE-11506-3 CCE-11117-9 CCE-10439-8 CCE-10419-0 CCE-11723-4 CCE-11787-9 CCE-10905-8 CCE-11035-3 CCE-10789-6 CCE-10986-8 CCE-11010-6 CCE-10913-2 CCE-10900-9 CCE-10954-6 CCE-11865-3 CCE-9989-5 CCE-10399-4 CCE-10562-7 CCE-10760-7 CCE-11046-0 CCE-10809-2 CCE-11059-3 CCE-11161-7 CCE-10693-0 CCE-11264-9 CCE-11126-0 CCE-11375-3 CCE-14437-8 CCE-12161-6 CCE-11739-0 CCE-11563-4 CCE-11807-5 CCE-11030-4 CCE-10981-9 CCE-12082-4 CCE-11136-9 CCE-10697-1 CCE-11604-6 CCE-11360-5 CCE-11043-7 CCE-11112-0 CCE-10889-4 CCE-11530-3 CCE-11243-3 CCE-11587-3 CCE-11958-6 CCE-11354-8 CCE-11750-7 CCE-11319-1 CCE-10357-2 CCE-10484-4 CCE-11304-3 CCE-11263-1 CCE-11028-8 CCE-10534-6 CCE-11023-9 CCE-10807-6 CCE-10794-6 CCE-10922-3 CCE-10570-0 CCE-10684-9 CCE-10109-7 CCE-10865-4 CCE-4242-4 CCE-4732-4 CCE-4997-3 CCE-3046-0 CCE-10496-8 CCE-9866-5 CCE-3244-1uIn Windows 2008, under "Windows Components" the security options are refered to as Terminal Services\Terminal Server.cDeviation: IRS Publication 1075 requires a minimum of 8 characters vs. DISA STIG requirement of 14.In Windows 2008, the setting is known as  Network access: Do not allow storage of credentials or .NET passports for network authentication A"Send NTLMv2 response only\refuse LM & NTLM is suggested for R2.?Deviation: DISA requires 15 minutes. IRS policy is 30 minutes.0Current service pack levels updated August 2012.MDeviation: DISA requires 15 minutes. IRS policy is for this setting to be 0.Deviation: This test is evaluted through SCAP. However, the tester should identify the target machine user account and determine whether the account is associated with an administrator or standard user. DISA requires 60 days and does not specify administrator/standard user types.=Deviation: DISA requires 5 invalid attempts; IRS requires 3.0Applies to Windows 2008 ONLY. Mark as N/A if R2.GApplies only to 2008 SP2 or if Search 4.0 installed. Mark as N/A if R2.Following accounts are exempt from this requirement: - built-in administrator/guest account - application accounts - disabled accounts - IUSR guest account (used with IIS or Peer Web Services)F% Windows 2008/2008 R2 MS & DC STIG Benchmarks Version 6, Release 1.26% NIST Control Name&Full name which describes the NIST ID.hMinor update to correct worksheet locking capabilities. Added back NIST control name to Test Cases Tab.NIST Control NameBoundary ProtectionAccess EnforcementUnsuccessful Login Attempts:Permitted Actions without Identification or Authentication Remote Access Session LockConfiguration SettingsAuditable EventsInformation System BackupLeast Functionality8Identification and Authentication (Organizational Users)Malicious Code ProtectionFlaw RemediationAuthenticator ManagementProtection of Audit InformationTransmission ConfidentialityConfiguration Change ControlAccount ManagementSystem Use NotificationAccess Restrictions for ChangeTransmission IntegrityInformation Flow EnforcementIdentifier ManagementBaseline ConfigurationPhysical Access ControlTesting ResultsTables 1 and 2 (below) are automatically calculated. Table 3 should be completed if an automated tool was used to execute tests from this SCSEM.In the "Test Cases" tab, automated tests should have the status as "Automated". If values are entered for SCAP results, those values will becalculated into the Table 1.The "Info Needed" status is provided for use by the tester during test execution to indicate more information is needed to complete the test.It is not an acceptable final test status, all test cases should be "Pass", "Fail", "Not Applicable" or "Automated" at the conclusion of testing.This table calculates all 1. Final Test Results2. Overall SCSEM Statisticstests in the Test Cases tabassuming no modificationshave been made to thespreadsheet format. Info NeededNot Applicable AutomatedOnly enter SCAP results&3. Enter SCAP Results (if applicable):if an automated tool wasused to execute part ofor all of the test cases in this SCSEM.Total SCAP Tests Performed = InterviewExamine % SCSEM Version: 1.3HPlease submit SCSEM feedback and suggestions to SafeguardReports@IRS.govHObtain SCSEM updates online at http://www.irs.gov/uac/Safeguards-ProgramPUpdates based on Publication 1075. See SCSEM notes column for specific updates.h% NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations!24 passwords (or more) remembered3/3/14: Updated to 24.1 day3/3/14: Updated to 1 day.3 invalid attemptsSeparate Component?Yes% % SCSEM Release Date: April 11, 2014 Agency Code: Closing Date:Shared Agencies: )j j&k kl|En(prEv( v Qz49~   d#~M G L  n {"b!e$z98P-H% N   ' As#x> @v4U8e 4 EEpC 9 s_Gq:  - _C$w86epOf* } @  \  t  4 K/cFz^s 1* ##WccB g2 /p-6P9  dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?M6Microsoft XPS Document WriterX odXXLetterDINU"L r SMTJMicrosoft XPS Document WriterInputBinFORMSOURCERESDLLUniresDLLInterleavingOFFImageTypeJPEGMedOrientationPORTRAITCollateOFFResolutionOption1PaperSizeLETTERColorMode24bpp MXDW"d??&U} $ }  } $ } $} $ /;;h@@     @@     "           "             "     /  /  0  /  /  /  /  / W /   [  "         B*X22&222&222222&22222222222&222 !"#$%&'()*,`-`.`   "! " " # # $ $ % % & & '  (\(  )))  ** , - . 2&22222 * '(   ' A:??:The official logo of the IRSPicture 1The official logo of the IRS"ÞPK!9^[Content_Types].xmlAN0EH%NY tA*T0'E2 JMN vi{ɖz$cȢ*%2鉣-uAg>zӶ/3[0߀:r5a8>GT8Wr>wOo?aΫǮUv_PK!+2mdrs/picturexml.xmlU[o0~`r @%U4۪.`ؑ&HU{iʓ}}߹Cю*ͤ(qx`DE%k&6%2!&\ ZC "V*B`(qk̶}]#Jno#UG lƯx(R_o%n)5ރgr>)h\4XpQOWڷAG$JZWl0hi r7#,F{'&49Έ#q3n˪ݳ^ |w $P/A:0ϊ R$UpF0~}a5X;aSd['wGrsݖ/ӹYOm׌CuIUW/Ue5U{)j@e9.[!HiR}(3:x: he^`m`P0dQ`Tҭ{tBŢ*ܸ@NY),fť0'A}N?ۖYɃ|؋tr׋K4YN2kEꚊi 7رJI-sUwCOǧ0 x>i^heVX!QFN˧Aa~AyHwL1 Kl_|e-pH1C+qv g?dgPK!+ܹvdrs/downrev.xmlT]O0M1N:F6)d!~EAvvi Lz9:հ ZW- L^Rjp3ԹlF?`6qnzԗh7*1.PI3-j*驴%ϭp0bdJ80NJGZ/~|KQ.sNAD aJ]2 t/Ŭ }3P.x/ ^0&}FaMGvpq<(("PK-!9^[Content_Types].xmlPK-! 1_rels/.relsPK-!+2m.drs/picturexml.xmlPK-!+ܹvMdrs/downrev.xmlPK b pi]&'`>@dw fInsert Test Type (required only when there is an automated testing tool available to conduct the test) %-.H #Insert tester name and organizatione aO *Insert City, State and address or building Sheet1gg\ g2 !ML?XX  dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?MAdobe PDFS odLetterPRIV ''''0\KhCFFSMTJAdobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard"d??&U} $ !h @  @ @ @ @ @@ @@ @ @@@@@ w@@`` p  3 4444444444445 6q  6r  6s  "6 6t  6u  "7 " 899999::99999; <v => ?w @@AB Cx DDDEF <y => G HHIB G JJJKF <z =>LM N O BPQ N N O R <{ => S T2 U D;+ PassAZM V 7%   D % B B W  X% Y ;+ B! Yp@ D D % Zp@ ;+B [ <| => S T2U D;+ FailAZMV 7%  D% BB\\\\\[ ]=> S}T2^;+  Info NeededAZM_7%  D% BB\\\\\` ]=> a~b5c;+ Not ApplicableAZdB\\\\\` ]=e fg0h;+  AutomatedAZdB\\\\\` "]=eiijdB\\\\\` < =e kllm\\\\\\` < =e noop\\\\\\` < =e q rs t\\\\\\` < =e u vw~ x\\\\\\` < =e y z{~ |\\\\\\` ]=e } ~# %\\\\\` "   > 022222&22&&^^^{v&HH^^^k& ` "PH 0(  >@d  ; 0(   ;0(   {+{ {+{hSCAP Results ErrorzThe data input for SCAP Pass and Fail results must be a whole number. Enter the total count of Passed and Failed results.HSCAP Results ErrorzThe data input for SCAP Pass and Fail results must be a whole number. Enter the total count of Passed and Failed results.gg\ g2 8dxnu  dMbP?_*+%& # &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?MAdobe PDFS odLetterPRIV0''''0\KhCFFSMTJAdobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard"d??&U} $ } $ } $ 8  @ @ @@@@!!!!!!!@@@ #  `        " ]  ^  _  "  $  :  a   b  ;  4 S  T 5  c  d  e 6  < =  f  g >  h  i 7  j  k   ?   l  m 9  n  o  r B X22222&222&2H<HHH<<HH<H<H<HH<H< !"@#$@&@'@(@)@*@+@,@-@.@/@0@1@2@3@4@5@6@7@  p  ! !q! "A " "s" # #t# $@ $ $8$ & & 'I '              ( O ( B(             ) P ) C)             * Q * D*             + R + u+             , S , E,             - T - F-             . U . G.             / V / H/             "0              1J 1 "2              3K 3 4 O 4 L4             5 P 5 M5             6 Q 6 N6             "7 2<<H<H22>>>>>>>>&2&2>>>PH00(  >@dA w Sheet6gg\ g2 4-|j". B *R6  dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?MSend To OneNote 2010 / odLetterDINU" ¬QSMTJSend To Microsoft OneNote 2010 DriverRESDLLUniresDLLPaperSizeLETTEROrientationPORTRAITResolutionDPI600ColorMode24bpp"A??&U} $ } } } $} m } I } } } } $ } } } } $  )|U0Test (Automated)   @                               1  ! V    X      %  Y   $  (  (W # (  $  $  '   -b  $ # (X # ( $ $ (   -c   $ ( (X # ( $ $ '   -d  $ ( (Y # ( $ $ '   -e  $ ( (Y # ( $ $ '   -f  $ ( (Z # ( $ $ '   -g  $ ( (X # ( $ $ &   -h  $ # (X # ( $ $ &  -i  $ # ([ # ( $ $ '  -j  $  ( (X # ( $! $" '  -k  $# # (\ # ( $$ $% '  -l  $& ( (\ # ( $ $' '  -m  $( # (] # ( $) $ '   -n   $* # (] # ( $) $+ '   -o   $, (- (^ # ( $. $/ '0- $1 (- (^ # ( $. $/ &2- $3 (- (^ # ( $. $4 &0- $5 (- (^ # ( $6 $7 &0- $8 (- (^ # ( $6 $7 &2- $9 (- (^ # ( $: $; &0- $< (- (^ # ( $: $; &2- $= (- (^ # ( $> $? &2- $@ (- (^ # ( $A $B &0- $C (- (^ # ( $A $B &2- $D (- (^ # ( $E $F '0- $G (- (^ # ( $E $H &0- $I (- (^ # ( $E $H '2- $J (- (^ # ( $6 $K '0- $L (- (^ # ( $6 $K '2- $M (- (^ # ( $N $O &0- Dl0 ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  $P (- (^ # ( $> $Q '2 - !$R !(- !(^ !# !( !$6 !$S !'0!- "$T "(- "(^ "# "( "$6 "$S "&2"- #$U #(- #(^ ## #( #$A #$V #&0#- $$W $(- $(^ $# $( $$A $$V $&2$- %$X %(- %(^ %# %( %$A %$Y %'0%- &$Z &(- &(^ &# &( &$A &$Y &'2&- '$[ '(- '(^ '# '( '$\ '$] ''0'- ($^ ((- ((^ (# (( ($\ ($] (&2(- )$_ )(- )(^ )# )( )$E )$` )'0)- *$a *(- *(^ *# *( *$A *$b *&0*- +$c +(- +(^ +# +( +$A +$b +&2+- ,$d ,(- ,(^ ,# ,( ,$6 ,$e ,'0,- -$f -(- -(^ -# -( -$6 -$e -&2-- .$g .(- .(^ .# .( .$ .$h .' . . -p.  /$i /(- /(^ /# /( /$ /$j /' / / -q/  0$k 0(- 0(^ 0# 0( 0$ 0$l 0' 0 0 -r0  1$m 1#n 1(_ 1# 1( 1$ 1$o 1( 1 1 -s 1  2$p 2( 2(X 2# 2( 2$ 2$ 2'q 2 2 -t2  3$r 3( 3(` 3# 3( 3$ 3$ 3(s 3 3 -u3  4$t 4( 4(` 4# 4( 4$ 4$u 4's 4 4 -v4  5$v 5( 5([ 5# 5(  5$w 5$x 5' 5 5 -w5  6$y 6( 6(] 6# 6( 6$z 6${ 6' 6 6 -x6  7$| 7( 7(X 7# 7( 7$ 7$ 7' 7 7 -y7  8$} 8( 8(X 8# 8( 8$ 8$ 8&~ 8 8 -z8  9$ 9( 9(X 9# 9( 9$ 9$ 9& 9 9 -{9  :$ :( :(X :# :( :$ :$ :&~ : : -|:  ;$ ;( ;(] ;# ;( ;$ ;$ ;' ; ; -};  <$ <( <(X <# <( <$ <$ <&~ < < -~<  =$ =( =(` =# =( =$ =$ =' = = -=  >$ ># >(a ># >( >$ >$ >& > > - >  ?$ ?( ?(X ?# ?( ?$ ?$ ?'~ ? ? -? Dpl@ A B C D E F G H I J K L M N O P Q R S T U V W X Y c@Z [ \ ] ^  _  @$ @# @(a @# @( @$ @$ @' @ @ - @  A$ A( A(] A# A( A$ A$ A' A A -A  B$ B( B(] B# B( B$ B$ B' B B -B  C$ C( C(X C# C( C$ C$ C' C C -C  D$ D# D(b D# D( D$ D$ D& D D - D  E$ E(- E(^ E# E( E$ E$ E' E E -E  F$ F( F(c F# F( F$ F$ F' F F -F  G$ G( G(] G# G( G$ G$ G' G G F G -G  H$ H( H(] H# H( H$ H$ H' H H F H -H  I$ I( I(] I# I( I$ I$ I' I I -I  J$ J( J(] J# J( J$ J$ J' J J F J -J  K$ K# K(d K# K( K$ K$ K' K K - K  L$ L( L(] L# L( L$ L$ L' L L F L -L  M$ M( M(] M# M( M$ M$ M' M M F M -M  N$ N( N(e N# N( N$ N$ N' N N -N  O$ O( O(c O# O( O$! O$ O' O O -O  P$ P( P(c P# P( P$ P$ P' P P -P  Q$ Q( Q(] Q# Q( Q$ Q$ Q' Q Q -Q  R$ R( R(] R# R( R$ R$ R' R R -R  S$ S# S(f S# S( S$ S$ S' S S - S  T$ T# T(f T# T( T$ T$ T' T T - T  U$ U# U(f U# U( U$ U$ U' U U - U  V$ V( V(d V# V( V$ V$ V' V V -V  W$ W( W(X W# W( W$ W$ W' W W -W  X$ X# X(] X# X( X$ X$ X' X X - X  Y$ Y( Y(] Y# Y( Y$ Y$ Y&~ Y Y -Y  Z$ Z( Z(g Z# Z( Z$ Z$ Z' Z Z -Z  [$ [( [(] [# [( [$ [$ [' [ [ -[  \$ \( \(h \# \( \$ \$ \' \ \ -\  ]$ ]( ](c ]# ]( ]$ ]$ ]& ] ] -]  ^$ ^( ^(] ^# ^( ^$ ^$ ^'^$ _$ _( _([ _# _( _$ _$ _& _ _ -_ Dl` a b c d e f g h i j k l m n o p q r s t u v '@w x @y z { @| } ~ @  `$ `(- `(^ `# `( `$ `$ `' ` ` -`  a$ a( a(h a# a( a$ a$ a& a a -a  b$ b( b(X b# b( b$ b$ b%s b b -b  c$ c( c(X c# c( c$ c$ c' c c -c  d$ d( d(h d# d( d$ d$ d' d d -d  e$ e( e(h e# e( e$ e$ e' e e -e  f$ f( f(X f# f( f$ f$ f' f f $ f f  g$ g( g(i g# g( g$ g$ g' g g  g -g  h$ h( h(X h# h( h$ h$ h' h h -h  i$ i( i(d i# i( i$ i$ i' i i -i  j$ j( j(X j# j( j$ j$ j' j j -j  k$ k( k(] k# k(  k$  k$ k& k k -k  l$ l( l(] l# l( l$ l$ l&l- m$ m( m(] m# m(  m$  m$ m' m m -m  n$ n( n(j n# n( n$ n$ n' n n -n  o$ o( o(j o# o( o$ o$ o'o- p$ p( p(b p# p( p$ p$ p&~ p p -p  q$ q( q(d q# q( q$ q$ q& q q -q  r$ r(- r(^ r# r( r$ r$ r' r r -r  s$ s(- s(^ s# s( s$ s$ s& s s -s  t$ t(- t(^ t# t( t$ t$ t& t t -t  u$ u(- u(^ u# u( u$ u$ u& u u -u  v$ v( v(k v# v( v$ v$ v' v v -v  w$ w( w(X w# w( w$ w$ w' w w -w  x$ x# x(X x# x( x$ x$  x' x x - x  y$  y( y(k y# y( y$ y$  y'  y y -y  z$  z( z(] z# z( z$ z$ z' z z -z  {$ {( {(X {# {( {$ {$ {' { { -{  |$ |( |(X |# |( |$ |$ |' | | -|  }$ }# }(f }# }( }$ }$ }' } } - }  ~$ ~(  ~(W ~# ~( ~$ ~$ ~' ~ ~ -~  $ # (d # ( $ $ '   G  -  Dl   T@     ` @ # @  T@            @    E@      $ ( (X # ( $ $ '  -  $ ( (g # ( $ $ '  -  $ # (X # ( $ $ '  -  $ ( (X # ( $ $  '  -  $! ( (X # ( $ $" '  -  $# ( (X # ( $ $$ &  -  $% ( (l # ( $ $& '  -  $' ( (l # ( $ $( ')  -  $* ( (l # ( $ $+ '  -  $, ( (l # ( $ $- '  -  $. ( (l # ( $ $/ '  -  $0 ( (X # ( $ $1 '2  -  $3 ( (X # ( $ $4 '5  -  $6 ( (X # ( $ $7 '5  -  $8 ( (l # ( $ $9 ':  -  $; # (m # ( $ $< '  H -  $= # (h # ( $ $> '  -  $? ( (h # ( $ $ '  -  $@ ( (X # ( $ $ '  -  $A # (` # ( $ $ '  -  $B ( (` # ( $ $C '  -  $D # (a # ( $ $ 'E  -  $F # (a # ( $ $G 'H  -  $I # (a # ( $ $J '  -  $K # (a # ( $ $L '  -  $M # (a # ( $ $N '  -  $O # (f # ( $ $P 'Q  -  $R # (X # ( $ $S '  -  $T ( (\ # ( $ $ '  -  $U # (X # ( $ $V '  I -  $W ( (` # ( $ $X 'Y  -  $Z # (X # ( $ $[ '\  - Dl               S@          @ d@      @ $] # (` # ( $ $^ &_  -  $` ( ([ # ( $a $b '  -  $c # (d # ( $ $ '  -  $d ( (X # ( $ $ '  -  $e ( (] # ( $ $f '  -  $g ( (] # ( $! $h '  -  $i ( (] # ( $j $k &  -  $l ( (] # ( $m $n '  -  $o ( (c # ( $p $q &  -  $r ( (] # ( $j $s &  -  $t ( (] # ( $u $v '  -  $w ( (] # ( $ $ '  -  $x ( (] # ( $ $ 'y  -  $z ( (] # (  $w ${ '  -  $| (  (W # (  $} $~ '  -  $ ( (b # ( $ $ &  -  $ # (a # ( $ $ '  -  $ ( (n # ( $ $ '  -  $ ( (n # ( $ $ '  F -  $ ( (n # ( $ $ '  -  $ ( (n # ( $ $ '  F -  $ ( (o # ( $ $ '  -  $ ( (] # ( $ $ '  -  $ ( (h # ( $ $ '  -  $ # (d # ( $ $ '  -  $ # (d # ( $ $ '  -  $ ( (h # (  $ $ &  -  $ ( (h # ( $ $ '  -  $ (n (_ # ( $ $ '  -  $ ( ([ # ( $ $ '  -  $ # (] # ( $ $ '  -  $ ( (l # (  $ $ &  - Dl           b@                       $ ( (] # ( $ $ '  -  $ # (f # ( $ $ '  -  $ ( ([ # ( $ $ '  J -  $ ( (\ # ( $ $ '  -  $ ( (X # ( $ $ '  -  $ ( (` # ( $ $ '  -  $ ( (` # ( $ $ '- $ ( (] # ( $ $ '  -  $ ( (] # ( $j $ '  -  $ # (] # ( $ $ '  -  $ # (d # ( $ $ '  -  $ # (f # ( $ $ '  -  $ ( (f # ( $ $ '  -   $ ( (] # ( $ $ '  -   $ ( (] # ( $ $ '  -   $ ( (] # ( $ $ '  -   $ # (] # ( $ $ '  -   $ ( (k # (  $  $ &  -  $ # (` # ( $ $ &  -  $ # (` # ( $ $ '  K -  $ ( (` # ( $ $ &  L -  $ # (` # ( $ $ '  $M   $ # (` # ( $ $ &   -  $ # (` # ( $ $ &  N -  $ # (` # ( $ $ &   -  $ ( (` # ( $ $ &  -  $ ( (] # ( $ $ %  -  $ ( (g # ( $ $ &  -  $ ( (g # ( $ $ &  -  $ # (] # ( $ $ '  -  $ # (] # ( $ $ '  -  $ ( (n # ( $ $ '  - Dl                           @   E@ @  $ ( (g # ( $ $ &  -  $ ( (g # ( $ $ '- $ ( (g # ( $ $ '  -  $ ( (g # ( $ $ $  -  $ ( (g # ( $ $ &  -  $ ( (c # ( $ $ '  -   $ ( (g # ( $ $ '  -!  $ ( (g # ( $ $ &  -"  $ ( (g # ( $ $ $  -#  $ ( (g # ( $ $ '  -$  $ ( (g # (  $ $ '  -%  $ ( (g # ( $ $  $  -&  $  ( (] # ( $  $  &  -'  $  ( (] # ( $ $ &  -(  $ ( (] # ( $ $ $  -)  $ ( (] # ( $ $ '  -*  $ ( (] # ( $ $ '  -+  $ ( (] # ( $ $ $  -,  $ (  (W # ( $ $ $  --  $ (  (W # ( $ $ &  -.  $ ( (c # ( $ $ '  -/  $ ( (X # ( $ $ '  -0  $  ( (g # ( $ $! $  -1  $" ( (] # (  $# $$ '  -2  $% ( (] # (  $# $& '  -3  $' (- (^ # ( $ $( '  -4  $) # (h # ( $ $* '  -5  $+ # (X # ( $ $, '  -6  $- ( (h # ( $ $. '/  -7  $0 # (h # ( $ $1 '2  -8  $3 # (X # ( $ $4 '  -9  $5 # (X # ( $ $6 '  -: Dl                                    $7 # (X # ( $ $8 '   -;   $9 # (X # ( $ $: '   -<   $; # (X # ( $ $< '   -=   $= * *X + * ) )> ,   ->  $? ( (] # ( -@ -A $   O  -?  $B ( (] # ( -@ -C $   O  -@  $D ( (] # ( -@ -E $   O  -A  $F ( (] # ( -G -H $   O  -B  $I ( (] # ( -J -K $   O  -C  $L ( (] # ( -M -N $   P  -D   $O ( (X # ( $ $P '   O  -E   $Q ( (b # $R $S $R 'T $ $U ( (h # $V $W $V 'X   $Q   $Y ( (h # .Z .[ .Z .\ $ $] (^ (_ # $_ .` $_ .a$  22 "   ~ }     < 6@(  R  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d  ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR   C  ]F ! d ZR   C   ]F ! d ZR   C   ]F ! d ZR   C   ]F ! d ZR   C   ]F ! d >@Z A w  ; d  *Pass; d  ?@Fail; d   Info Needed{+{ {+{ {+{ /  % /  % Sheet2gg\ g2 JQ  dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?MAdobe PDFS odLetterPRIV0''''0\KhCFFSMTJAdobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard"d??&U} $ } $ } $  @ @ @  @@@@@@ &  '  v  w      R  "   ,  x  y  z  +  *  {  |  }  ~  " (  )      " 62222222&22222222222&2222>@dA w Sheet7gg\ g2 uZ]^  dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?MAdobe PDFS odLetterPRIV0''''0\KhCFFSMTJAdobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard"d??&U} $ } mT} m      0  - . / Z?~ @ 3 "^@,@ 1U "@`@a@       08<22 PHP 0(   >@dA   w Sheet8gg\ Oh+'0 hp    IRS Office of Safeguards SCSEM$IT Security Compliance EvaluationBooz Allen Hamiltonusgcb, stig, pub1075The IRS strongly recommends agencies test all SCSEM settings in a development or test environment prior to deployment in production. In some cases a security setting may impact a systems functionality and usability. Consequently, it is important to perform testing to determine the impact on system security, functionality, and usability. Ideally, the test system configuration should match the production system configuration. Prior to making changes to the production system, agencies should back up all critical data files on the system and if possible, make a full backup of the system to ensure it can be restored to its pre-SCSEM state if necessary.Christa BatorMicrosoft Excel@/p+@s@=_i՜.+,D՜.+,p, `h|   securityOffice of SafeguardsInternal Revenue Service  DashboardResults Instructions Test Cases Appendix Change LogAppendix!Print_Area'Change Log'!Print_AreaDashboard!Print_AreaInstructions!Print_Area'Test Cases'!Print_Area'Test Cases'!Print_Titles  Worksheets Named Ranges(Zb_PID_LINKBASE_NewReviewCycleAThttp://www.irs.gov/uac/Safeguards-Program  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry FWorkbooky_SummaryInformation(DocumentSummaryInformation8