STIGQter STIGQter: STIG Summary: Windows 2008 Member Server Security Technical Implementation Guide Version: 6 Release: 43 Benchmark Date: 26 Jul 2019: The Smart Card removal option is set to take no action.

DISA Rule

SV-28472r1_rule

Vulnerability Number

V-1157

Group Title

Smart Card Removal Option

Rule Version

3.047

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Interactive logon: Smart card removal behavior” to “Lock Workstation” or “Force Logoff”.

Check Contents

Servers - Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Local Policies -> Security Options.

If the value for “Interactive logon: Smart card removal behavior” is not set to “Lock Workstation”, or “Force Logoff”, then this is a finding.

The policy referenced configures the following registry value:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Microsoft\Windows NT\CurrentVersion\Winlogon\

Value Name: SCRemoveOption

Value Type: REG_SZ
Value: 1 (Lock Workstation) or 2 (Force Logoff)

Documentable Explanation: If configuring this on servers causes issues such as terminating users’ remote sessions and the site has a policy in place that any other sessions on the servers such as administrative console logons are manually locked or logged off when unattended or not in use, this would be acceptable. This will be documented with the IAO.

Vulnerability Number

V-1157

Documentable

True

Rule Version

3.047

Severity Override Guidance

Servers - Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Local Policies -> Security Options.

If the value for “Interactive logon: Smart card removal behavior” is not set to “Lock Workstation”, or “Force Logoff”, then this is a finding.

The policy referenced configures the following registry value:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Microsoft\Windows NT\CurrentVersion\Winlogon\

Value Name: SCRemoveOption

Value Type: REG_SZ
Value: 1 (Lock Workstation) or 2 (Force Logoff)

Documentable Explanation: If configuring this on servers causes issues such as terminating users’ remote sessions and the site has a policy in place that any other sessions on the servers such as administrative console logons are manually locked or logged off when unattended or not in use, this would be acceptable. This will be documented with the IAO.

Check Content Reference

M

Third-Party Tools

HK

Responsibility

System Administrator

Target Key

1340

Comments