SV-227074r603265_rule
V-227074
SRG-OS-000080
GEN008620
CAT II
10
Access the system's BIOS or system controller. Set a supervisor/administrator password if one has not been set. Disable a user-level password if one has been set.
On systems with a BIOS or system controller, verify a supervisor or administrator password is set. If a password is not set, this is a finding.
If the BIOS or system controller supports user-level access in addition to supervisor/administrator access, determine if this access is enabled. If so, this is a finding.
The exact procedure will be hardware-dependent, and the SA should be consulted to identify the specific configuration. In the event the BIOS or system controller is not accessible without adversely impacting (e.g., restarting) the system, the SA may be interviewed to determine compliance with the requirement.
V-227074
False
GEN008620
On systems with a BIOS or system controller, verify a supervisor or administrator password is set. If a password is not set, this is a finding.
If the BIOS or system controller supports user-level access in addition to supervisor/administrator access, determine if this access is enabled. If so, this is a finding.
The exact procedure will be hardware-dependent, and the SA should be consulted to identify the specific configuration. In the event the BIOS or system controller is not accessible without adversely impacting (e.g., restarting) the system, the SA may be interviewed to determine compliance with the requirement.
M
4060