Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1140 | 1.006 | SV-29681r2_rule | ECLP-1 | High |
Description |
---|
Using a privileged account to perform routine functions makes the computer vulnerable to attack by any virus or Trojan Horse inadvertently introduced during a session that has been granted full privileges. The rule of least privilege should always be enforced. |
STIG | Date |
---|---|
Windows 2008 Domain Controller Security Technical Implementation Guide | 2014-06-27 |
Check Text (C-7884r2_chk) |
---|
Ask the System Administrator (SA) to show the necessary documentation that identifies the members of this privileged group. This check verifies each user with administrative privileges has been assigned a unique account, separate from the built-in “Administrator” account. This check also verifies the default “Administrator” account is not being used. Administrators should be properly trained before being permitted to perform administrator duties. The IAO will maintain a list of all users belonging to the Administrator’s group. If any of the following conditions are true, then this is a finding: • Each SA does not have a unique userid dedicated for administering the system. • Each SA does not have a separate account for normal user tasks. • The built-in administrator account is used to administer the system. • Administrators have not been properly trained. • The IAO does not maintain a list of users belonging to the Administrator’s group. |
Fix Text (F-32r2_fix) |
---|
Create the necessary documentation that identifies the members of this privileged group. Ensure each member has a separate account for user duties and one for privileged duties, and that the other requirements outlined in the manual check are met. |