Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Users must not be allowed to run virtual machines in Hyper-V on the system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-63365 | WN10-00-000080 | SV-77855r2_rule | Medium |
| Description |
|---|
| Allowing other operating systems to run on a secure system may allow users to circumvent security. Preventing users from being assigned to the Hyper-V Administrators group will prevent them from accessing or creating virtual machines on the system. The Hyper-V Hypervisor is used by Virtualization Based Security features such as Credential Guard on Windows 10; however, it is not the full Hyper-V installation. |
| STIG | Date |
|---|---|
| Windows 10 Security Technical Implementation Guide | 2017-12-01 |
Details
| Check Text ( C-76165r2_chk ) |
|---|
| Run "Computer Management". Navigate to System Tools >> Local Users and Groups >> Groups. Double click on "Hyper-V Administrators". If any groups or user accounts are listed in "Members:", this is a finding. If the workstation has an approved use of Hyper-V, such as being used as a dedicated admin workstation using Hyper-V to separate administration and standard user functions, the account(s) needed to access the virtual machine is not a finding. |
| Fix Text (F-69285r1_fix) |
|---|
| Remove any groups or users from the "Hyper-V Administrators" group. |