STIGQter STIGQter: STIG Summary: Windows PAW Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 15 May 2020:

A Windows PAW used to manage domain controllers and directory services must not be used to manage any other type of high-value IT resource.

DISA Rule

SV-92875r1_rule

Vulnerability Number

V-78169

Group Title

PAW-00-001300

Rule Version

WPAW-00-001300

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Set aside one or more PAWs for remote management of Active Directory.

Ensure they are used only for the purpose of managing directory services. Otherwise, use the local domain controller console to manage Active Directory.

Check Contents

If domain controllers and directory services are only managed with local logons to domain controllers, not remotely, this requirement is not applicable.

Discuss with the Information System Security Manager (ISSM) or PAW system administrators and review any available site documentation.

Verify that a site has designated specific PAWs for the sole purpose of remote management of domain controllers and directory service servers.

Review any available site documentation.

Verify that any PAW used to manage domain controllers and directory services remotely are used exclusively for managing domain controllers and directory services.

If the site has not designated specific PAWs for the sole purpose of remote management of domain controllers and directory service servers, this is a finding.

If PAWs used for managing domain controllers and directory services are used for additional functions, this is a finding.

Vulnerability Number

V-78169

Documentable

False

Rule Version

WPAW-00-001300

Severity Override Guidance

If domain controllers and directory services are only managed with local logons to domain controllers, not remotely, this requirement is not applicable.

Discuss with the Information System Security Manager (ISSM) or PAW system administrators and review any available site documentation.

Verify that a site has designated specific PAWs for the sole purpose of remote management of domain controllers and directory service servers.

Review any available site documentation.

Verify that any PAW used to manage domain controllers and directory services remotely are used exclusively for managing domain controllers and directory services.

If the site has not designated specific PAWs for the sole purpose of remote management of domain controllers and directory service servers, this is a finding.

If PAWs used for managing domain controllers and directory services are used for additional functions, this is a finding.

Check Content Reference

M

Target Key

3283

Comments