STIGQter STIGQter: STIG Summary: Windows 10 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Only authorized user accounts must be allowed to create or run virtual machines on Windows 10 systems.

DISA Rule

SV-220714r569187_rule

Vulnerability Number

V-220714

Group Title

SRG-OS-000095-GPOS-00049

Rule Version

WN10-00-000080

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

For Hyper-V, remove any unauthorized groups or user accounts from the "Hyper-V Administrators" group.

For hosted hypervisors other than Hyper-V, restrict access to create or run virtual machines to authorized user accounts only.

Check Contents

If a hosted hypervisor (Hyper-V, VMware Workstation, etc.) is installed on the system, verify only authorized user accounts are allowed to run virtual machines.

For Hyper-V, Run "Computer Management".
Navigate to System Tools >> Local Users and Groups >> Groups.
Double click on "Hyper-V Administrators".

If any unauthorized groups or user accounts are listed in "Members:", this is a finding.

For hosted hypervisors other than Hyper-V, verify only authorized user accounts have access to run the virtual machines. Restrictions may be enforced by access to the physical system, software restriction policies, or access restrictions built in to the application.

If any unauthorized groups or user accounts have access to create or run virtual machines, this is a finding.

All users authorized to create or run virtual machines must be documented with the ISSM/ISSO. Accounts nested within group accounts must be documented as individual accounts and not the group accounts.

Vulnerability Number

V-220714

Documentable

False

Rule Version

WN10-00-000080

Severity Override Guidance

If a hosted hypervisor (Hyper-V, VMware Workstation, etc.) is installed on the system, verify only authorized user accounts are allowed to run virtual machines.

For Hyper-V, Run "Computer Management".
Navigate to System Tools >> Local Users and Groups >> Groups.
Double click on "Hyper-V Administrators".

If any unauthorized groups or user accounts are listed in "Members:", this is a finding.

For hosted hypervisors other than Hyper-V, verify only authorized user accounts have access to run the virtual machines. Restrictions may be enforced by access to the physical system, software restriction policies, or access restrictions built in to the application.

If any unauthorized groups or user accounts have access to create or run virtual machines, this is a finding.

All users authorized to create or run virtual machines must be documented with the ISSM/ISSO. Accounts nested within group accounts must be documented as individual accounts and not the group accounts.

Check Content Reference

M

Target Key

4072

Comments