V-237440

CAT II (Medium)

A host-based firewall must be configured on the SCOM management servers.

Rule ID

SV-237440r961620_rule

STIG

Microsoft SCOM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002385

Discussion

To prevent a DDoS, a firewall that inspects and drops packets must be configured.

Check Content

The steps in this check will vary based on the host-based firewall being used in the environment. 

For Windows Firewall, type wf.msc. 

Verify that the firewall is set to On. 

Click on Inbound rules and verify that there are no any-any allow rules in any profile. 

If McAfee is installed, it will be visible in the system tray. Verify with a McAfee administrator that there are no any-any rules allowing full access. 

If no host-based firewall is installed, or a host-based firewall is configured to allow all traffic inbound, this is a finding.
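The Windows Firewall portion of this check can be scripted instead of reviewed by eye in wf.msc. The PowerShell below is an added example, not part of the STIG or Microsoft's documentation. It assumes that "any-any" means an enabled inbound Allow rule with no restriction on remote address, protocol, local port or program, and it also flags a profile whose default inbound action is Allow.

```powershell
# Added example, not DISA or Microsoft code. Run elevated on the management server.
# Assumption: "any-any" = an enabled inbound Allow rule with no restriction on
# remote address, protocol, local port or program.

# Profiles that are Off, or whose default inbound action is Allow.
$badProfiles = @(Get-NetFirewallProfile -PolicyStore ActiveStore |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' })

# Enabled inbound Allow rules (local and Group Policy) that match everything.
$anyAny = @(Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        ($addr.RemoteAddress -contains 'Any') -and
        ($port.Protocol -eq 'Any') -and
        ($port.LocalPort -contains 'Any') -and
        ($app.Program -eq 'Any')
    })

# Evidence for the reviewer: offending profiles and rules, with the rule's source.
$badProfiles | Format-Table Name, Enabled, DefaultInboundAction -AutoSize
$anyAny | Format-Table DisplayName, Profile, PolicyStoreSourceType -AutoSize

if ($badProfiles.Count -gt 0 -or $anyAny.Count -gt 0) {
    'V-237440: FINDING for Windows Firewall (see tables above)'
} else {
    'V-237440: Windows Firewall is On in all profiles with no any-any inbound allow rule'
}
```

This covers Windows Firewall only; a McAfee or other third-party host firewall still has to be verified with its administrator as the check describes.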

Fix Text

Configure a host-based firewall based on the organization's standards. A full list of ports needed for SCOM to function properly can be found here: https://docs.microsoft.com/en-us/system-center/scom/plan-security-config-firewall?view=sc-om-2019.