Microsoft has published its security guidance and baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11. If you have been reluctant to evaluate or deploy these technologies in the absence of specific USGCB guidance, NIST essentially says, "Use the vendor's guidance." Here is the vendor's guidance. Please see these three new blog posts:
Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL – This post includes a zipped download containing documentation, GPO backups, scripts for installing GPOs locally, custom ADMX/ADML for new settings, and WMI filters for use with AD group policy. Note that corresponding CAB files for the Security Compliance Manager (SCM) will be published before the end of the month.
Configuring Account Lockout – the baseline settings for account lockout changed since the beta (and since previous baselines). This post explains why and the tradeoffs organizations need to consider to determine the right account lockout policy for them.
Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta – This post describes the rest of the changes that were made between the beta and the final.