STIGQter: STIG Summary: Windows PAW Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 15 May 2020:

Site IT resources designated as high value by the Authorizing Official (AO) must be remotely managed only via a Windows privileged access workstation (PAW).

DISA Rule

SV-92849r1_rule

Vulnerability Number

V-78143

Group Title

PAW-00-000200

Rule Version

WPAW-00-000200

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

The Information System Security Manager (ISSM) or other site personnel will assist the Authorizing Official (AO) in designating and documenting which IT resources in the organization are high value. The organization's list of high-value IT resources will include the following:

- Active Directory
- Cloud service
- Identity management service
- Privileged access management service
- Credential management service
- Security management service (anti-virus, network monitoring/scanning, IDS/IPS, etc.)
- Any sensitive business service
- Any other IT resource designated as high value by the AO

Set up procedures to ensure a Windows PAW is used to remotely manage each of these types of IT resources.

Check Contents

Review site documentation to confirm required high-value IT resources are remotely managed only via a PAW.

Verify the site maintains a list of designated high-value IT resources and the list contains the following IT resources (if deployed at the site):

- Active Directory
- Cloud service
- Identity management service
- Privileged access management service
- Credential management service
- Security management service (anti-virus, network monitoring/scanning, IDS/IPS, etc.)
- Any sensitive business/mission service
- Any other IT resource designated as high value by the Authorizing Official (AO)

Identify the PAWs set up to manage these high-value IT resources.

If the organization does not maintain a list of designated high-value IT resources or has not set up PAWs to remotely manage its high-value IT resources, this is a finding.

Vulnerability Number

V-78143

Documentable

False

Rule Version

WPAW-00-000200

Severity Override Guidance

Review site documentation to confirm required high-value IT resources are remotely managed only via a PAW.

Verify the site maintains a list of designated high-value IT resources and the list contains the following IT resources (if deployed at the site):

- Active Directory
- Cloud service
- Identity management service
- Privileged access management service
- Credential management service
- Security management service (anti-virus, network monitoring/scanning, IDS/IPS, etc.)
- Any sensitive business/mission service
- Any other IT resource designated as high value by the Authorizing Official (AO)

Identify the PAWs set up to manage these high-value IT resources.

If the organization does not maintain a list of designated high-value IT resources or has not set up PAWs to remotely manage its high-value IT resources, this is a finding.

Check Content Reference

M

Target Key

3283

Comments