Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
System BIOS or system controllers must have administrator accounts/passwords configured.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36663 | WIN00-000011 | SV-54963r2_rule | ECLP-1 | Medium |
| Description |
|---|
| A system's BIOS or system controller handles the initial startup of a system, and its configuration must be protected from unauthorized modification. When the BIOS or system controller supports the creation of user accounts or passwords, such protections must be used and accounts/passwords only assigned to system administrators. Failure to protect BIOS or system controller settings could result in Denial of Service or compromise of the system resulting from unauthorized configuration changes. |
| STIG | Date |
|---|---|
| Windows Server 2008 R2 Member Server Security Technical Implementation Guide | 2015-09-02 |
Details
| Check Text ( C-48723r2_chk ) |
|---|
| Verify a supervisor or administrator password is set in the BIOS or system controller. If a password is not configured, this is a finding. If access is restricted by way of hypervisor configuration settings on virtual systems, this would not be a finding. |
| Fix Text (F-47844r2_fix) |
|---|
| Access the system's BIOS or system controller. Configure a supervisor/administrator password. Restrictions may also be applied through hypervisor configuration settings for virtual machines. |