Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1140 | 1.006 | SV-32259r1_rule | ECLP-1 | Medium |
Description |
---|
Using a privileged account to perform routine functions makes the computer vulnerable to attack by any virus or Trojan Horse inadvertently introduced during a session that has been granted full privileges. The rule of least privilege should always be enforced. |
STIG | Date |
---|---|
Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide | 2012-09-05 |
Check Text ( C-32884r1_chk ) |
---|
Ask the System Administrator (SA) to show the necessary documentation that identifies the members of this privileged group. This check verifies that each user with administrative privileges has been assigned a unique account, separate from the built-in “Administrator” account. This check also verifies that the default “Administrator” account is not being used. Administrators should be properly trained before being permitted to perform administrator duties. The IAO will maintain a list of all users belonging to the Administrator’s group. If any of the following conditions are true, then this is a finding: (a) Each SA does not have a unique userid dedicated for administering the system. (b) Each SA does not have a separate account for normal user tasks. (c) The built-in administrator account is used to administer the system. (d) Administrators have not been properly trained. (e) The IAO does not maintain a list of users belonging to the Administrator’s group. |
Fix Text (F-32r1_fix) |
---|
Create the necessary documentation that identifies the members of this privileged group. Ensure that each member has a separate account for user duties and one for privileged duties, and that the other requirements outlined in the manual check are met. |