Microsoft SCOM Security Technical Implementation Guide


Date: 2021-03-15
Finding Count (18): CAT I (High): 7, CAT II (Med): 7, CAT III (Low): 4

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-237429 High The Microsoft SCOM Service Accounts and Run As accounts must not be granted enterprise or domain level administrative privileges.
V-237425 High SCOM Run As accounts used to manage Linux/UNIX endpoints must be configured for least privilege.
V-237424 High Manually configured SCOM Run As accounts must be set to More Secure distribution.
V-237432 High The Microsoft SCOM server must be running Windows operating system that supports modern security features such as virtualization based security.
V-237430 High SCOM SQL Management must be configured to use least privileges.
V-237438 High The SCOM Web Console must be configured for HTTPS.
V-237439 High All SCOM servers must be configured for FIPS 140-2 compliance.
V-237423 Medium Members of the SCOM Administrators Group must be reviewed to ensure access is still required.
V-237427 Medium The Microsoft SCOM Run As accounts must only use least access permissions.
V-237426 Medium The Microsoft SCOM Agent Action Account must be a local system account.
V-237436 Medium The Microsoft SCOM server must use an active directory group that contains authorized members of the SCOM Administrators Role Group.
V-237437 Medium The default Builtin\Administrators group must be removed from the SCOM Administrators Role Group.
V-237431 Medium The Microsoft SCOM server must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
V-237440 Medium A host-based firewall must be configured on the SCOM management servers.
V-237428 Low The Microsoft SCOM administration console must only be installed on Management Servers and hardened Privileged Access Workstations.
V-237434 Low If a certificate is used for the SCOM web console, this certificate must be generated by a DoD CA or CA approved by the organization.
V-237435 Low The Microsoft SCOM SNMP Monitoring in SCOM must use SNMP V3.
V-237433 Low SCOM unsealed management packs must be backed up regularly.