Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1140 | 1.006 | SV-32259r2_rule | ECLP-1 | High |
Description |
---|
Using a privileged account to perform routine functions makes the computer vulnerable to attack by any virus or Trojan Horse inadvertently introduced during a session that has been granted full privileges. The rule of least privilege should always be enforced. |
STIG | Date |
---|---|
Windows Server 2008 R2 Member Server Security Technical Implementation Guide | 2015-06-16 |
Check Text ( C-32884r2_chk ) |
---|
Ask the System Administrator (SA) to show the necessary documentation that identifies the members of this privileged group. This check verifies that each user with administrative privileges has been assigned a unique account, separate from the built-in “Administrator” account. This check also verifies that the default “Administrator” account is not being used. Administrators should be properly trained before being permitted to perform administrator duties. The IAO will maintain a list of all users belonging to the Administrators group. If any of the following conditions are true, then this is a finding: - An SA does not have a unique user ID dedicated to administering the system. - An SA does not have a separate account for normal user tasks. - The built-in Administrator account is used to administer the system. - Administrators have not been properly trained. - The IAO does not maintain a list of users belonging to the Administrators group. |
Fix Text (F-32r2_fix) |
---|
Create the necessary documentation that identifies the members of this privileged group. Ensure each member has one account for user duties and a separate account for privileged duties, and that the other requirements outlined in the manual check are met. |