Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-40195 | WIN00-000013 | SV-55007r2_rule | ECLP-1 | Medium |
Description |
---|
A system's BIOS or system controller handles the initial startup of a system, and its configuration must be protected from unauthorized modification. When the BIOS or system controller supports the creation of user accounts or passwords, such protections must be used and accounts/passwords only assigned to system administrators. Failure to protect BIOS or system controller settings could result in Denial of Service or compromise of the system resulting from unauthorized configuration changes. |
STIG | Date |
---|---|
Windows Server 2008 R2 Member Server Security Technical Implementation Guide | 2015-09-02 |
Check Text (C-48737r2_chk) |
---|
If the BIOS or system controller does not support user-level access in addition to supervisor/administrator access, this is NA. If the BIOS or system controller supports user-level access in addition to supervisor/administrator access, determine whether this access is enabled. If user-level access is enabled, this is a finding. If access is restricted by way of hypervisor configuration settings on virtual systems, this would not be a finding. |
Fix Text (F-47886r2_fix) |
---|
Access the system's BIOS or system controller. Disable user-level access. Restrictions may also be applied through hypervisor configuration settings for virtual machines. |