Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-63327 | WN10-00-000015 | SV-77817r2_rule | Medium |
Description |
---|
A system's firmware or system controller handles the initial startup of a system, and its configuration must be protected from unauthorized modification. When the firmware or system controller supports the creation of user accounts or passwords, such protections must be used and accounts/passwords only assigned to system administrators. Failure to protect firmware or system controller settings could result in denial of service or compromise of the system resulting from unauthorized configuration changes. |
STIG | Date |
---|---|
Windows 10 Security Technical Implementation Guide | 2016-06-24 |
Check Text ( C-69221r1_chk ) |
---|
Verify a supervisor or administrator password is set in the firmware or system controller. If a password is not configured, this is a finding. If access is restricted by way of hypervisor configuration settings on virtual systems, this would not be a finding. |
Fix Text (F-69247r1_fix) |
---|
Configure a supervisor/administrator password in the system firmware. |