STIGQter: STIG Summary: Microsoft Windows Server 2016 Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 04 May 2021

Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.

DISA Rule

SV-224821r569186_rule

Vulnerability Number

V-224821

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

WN16-00-000040

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Establish a policy, at minimum, to prohibit administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Ensure the policy is enforced.

The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.

Check Contents

Determine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration.

If it does not, this is a finding.

The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.

Documentable

False

Severity Override Guidance

Determine whether organization policy, at a minimum, prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration.

If it does not, this is a finding.

The organization may use technical means such as whitelisting to prevent the use of browsers and mail applications to enforce this requirement.

Check Content Reference

M

Target Key

4205
