STIGQter: STIG Summary: Windows PAW Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 15 May 2020:

Administrators of high-value IT resources must complete required training.

DISA Rule

SV-92847r1_rule

Vulnerability Number

V-78141

Group Title

PAW-00-000100

Rule Version

WPAW-00-000100

Severity

CAT III

CCI(s)

• CCI-000101 - The organization disseminates a security awareness and training policy to organization-defined personnel or roles.

Weight

10

Fix Recommendation

Add the following topics to initial and annual update training modules for system administrators of high-value IT resources:

- Remotely manage high-value IT resources only via a PAW.
- Administrative accounts will not be used for non-administrative functions (for example, read email, browse Internet).

Check Contents

Review site training records and verify the organization's system administrators of high-value IT resources have received the following initial and annual training:

- Remotely manage high-value IT resources only via a PAW.
- Administrative accounts will not be used for non-administrative functions (for example, read email, browse Internet).

If required training has not been completed by the organization's system administrators of high-value IT resources, this is a finding.

Vulnerability Number

V-78141

Documentable

False

Rule Version

WPAW-00-000100

Severity Override Guidance

Review site training records and verify the organization's system administrators of high-value IT resources have received the following initial and annual training:

- Remotely manage high-value IT resources only via a PAW.
- Administrative accounts will not be used for non-administrative functions (for example, read email, browse Internet).

If required training has not been completed by the organization's system administrators of high-value IT resources, this is a finding.

Check Content Reference

M

Target Key

3283

Comments