STIGQter: STIG Summary: Windows Server 2008 R2 Member Server Security Technical Implementation Guide Version: 1 Release: 30 Benchmark Date: 26 Jul 2019: Members of the Backup Operators group will have separate accounts for backup duties and normal operational tasks.

DISA Rule

SV-32261r1_rule

Vulnerability Number

V-1168

Group Title

Members of the Backup Operators Group

Rule Version

1.007

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Create the necessary documentation that identifies the members of this privileged group. Ensure each member has a separate account for user duties and one for his privileged duties and the other requirements outlined in the manual check are met.

Check Contents

Review the Backup Operators group in Computer Management and/or Active Directory Users and Computers. If the group contains no accounts, this is not a finding. If the group does contain any accounts, this must be documented as specified below.

Documentable Explanation: Any accounts that are members of the Backup Operators group must be documented with the IAO including application accounts. Each Backup Operator will have a separate user account for backing up the system and for performing normal user tasks.

Vulnerability Number

V-1168

Documentable

True

Rule Version

1.007

Severity Override Guidance

Review the Backup Operators group in Computer Management and/or Active Directory Users and Computers. If the group contains no accounts, this is not a finding. If the group does contain any accounts, this must be documented as specified below.

Documentable Explanation: Any accounts that are members of the Backup Operators group must be documented with the IAO including application accounts. Each Backup Operator will have a separate user account for backing up the system and for performing normal user tasks.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1823

Comments