STIGQter STIGQter: STIG Summary: Microsoft Windows Server 2019 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows Server 2019 administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.

DISA Rule

SV-205845r569188_rule

Vulnerability Number

V-205845

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

WN19-00-000030

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Establish a policy, at minimum, to prohibit administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Ensure the policy is enforced.

The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.

Check Contents

Determine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration.

If it does not, this is a finding.

The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.

Vulnerability Number

V-205845

Documentable

False

Rule Version

WN19-00-000030

Severity Override Guidance

Determine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration.

If it does not, this is a finding.

The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.

Check Content Reference

M

Target Key

2907

Comments