Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
If several PAWs are set up in virtual machines (VMs) on a host server, domain administrative accounts used to manage high-value IT resources must not have access to the VM host operating system (OS) (only domain administrative accounts designated to manage PAWs should be able to access the VM host OS).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-243465 | WPAW-00-002600 | SV-243465r722970_rule | Medium |
| Description |
|---|
| The VM host OS should be protected from high-value IT resource administrators accidently or deliberately modifying the security settings of the host OS. Therefore, high-value IT resource administrators must not have the ability to perform maintenance functions on the VM host OS platform. |
| STIG | Date |
|---|---|
| Windows PAW Security Technical Implementation Guide | 2021-10-06 |
Details
| Check Text ( C-46740r722964_chk ) |
|---|
| Verify at least one group has been set up in Active Directory (usually Tier 0) for administrators responsible for maintaining VM host OSs (usually the same as the PAW workstation administrator's group). Verify no administrator account or administrator account group has been assigned to both the group of VM host OS administrators and any group for administrators of high-value IT resources. If separate VM host OS administrator groups and administrators of high-value IT resources have not been set up, this is a finding. |
| Fix Text (F-46697r722965_fix) |
|---|
| Configure the VM host OS so only domain administrative accounts designated to manage PAWs have administrative rights on the VM host OS. |