STIGQter: STIG Summary: Windows PAW Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 15 May 2020

In a Windows PAW, administrator accounts used for maintaining the PAW must be separate from administrative accounts used to manage high-value IT resources.

DISA Rule

SV-92879r1_rule

Vulnerability Number

V-78173

Group Title

PAW-00-001500

Rule Version

WPAW-00-001500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set up separate domain administrative accounts to manage PAWs from domain administrative accounts used to manage high-value IT resources. Each of these accounts is not to be used for any other purpose.

Note: Personnel assigned as PAW administrators should be the most trusted and experienced administrators within an organization.

Check Contents

Verify at least one group has been set up in Active Directory (usually Tier 0) for administrators responsible for maintaining PAW workstations (for example, PAW Maintenance group).

Verify no administrator account or administrator account group has been assigned to both the group of PAW workstation administrators and any group for administrators of high-value IT resources.

If separate PAW administrator groups and administrators of high-value IT resources have not been set up, this is a finding.

If a member of any group of PAW maintenance administrators is also a member of any group of administrators of high-value IT resources, this is a finding.
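One way to automate the two checks above, as an added example that is not part of the STIG text. It assumes the RSAT ActiveDirectory module is installed; the group names are placeholders to be replaced with the site's own PAW maintenance and high-value administrator groups.

```powershell
# Added example. Group names are placeholders (assumptions), not values from the STIG.
Import-Module ActiveDirectory

$PawAdminGroups       = @('PAW Maintenance')
$HighValueAdminGroups = @('Domain Admins', 'Enterprise Admins')

function Get-EffectiveMember {
    param([string[]]$GroupName)
    $bySid = @{}
    foreach ($name in $GroupName) {
        $group = Get-ADGroup -Filter "Name -eq '$name'"
        if (-not $group) {
            Write-Warning "Group '$name' not found in Active Directory"
            continue
        }
        # -Recursive expands nested groups, so an administrator group nested
        # on both sides is caught through the accounts it contains.
        foreach ($m in @(Get-ADGroupMember -Identity $group -Recursive)) {
            $sid = $m.SID.Value
            if (-not $bySid.ContainsKey($sid)) {
                $bySid[$sid] = [pscustomobject]@{
                    Account = $m.SamAccountName
                    Groups  = [System.Collections.Generic.List[string]]::new()
                }
            }
            $bySid[$sid].Groups.Add($name)
        }
    }
    return $bySid
}

# Check 1: at least one dedicated PAW administrator group must exist.
$found = @($PawAdminGroups | Where-Object { Get-ADGroup -Filter "Name -eq '$_'" })
if ($found.Count -eq 0) { Write-Output 'FINDING: no PAW administrator group exists' }

# Check 2: no account may be an effective member of both sides.
$paw = Get-EffectiveMember -GroupName $PawAdminGroups
$hv  = Get-EffectiveMember -GroupName $HighValueAdminGroups
$overlap = foreach ($sid in $paw.Keys) {
    if ($hv.ContainsKey($sid)) {
        [pscustomobject]@{
            Account         = $paw[$sid].Account
            PawGroups       = $paw[$sid].Groups -join ', '
            HighValueGroups = $hv[$sid].Groups -join ', '
        }
    }
}
if ($overlap) { 'FINDING: accounts in both roles'; $overlap | Format-Table -AutoSize }
else          { 'No account is in both a PAW and a high-value admin group' }
```

Accounts are matched by SID rather than by name, so a renamed account still counts as the same account on both sides.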

Documentable

False

Severity Override Guidance

Verify at least one group has been set up in Active Directory (usually Tier 0) for administrators responsible for maintaining PAW workstations (for example, PAW Maintenance group).

Verify no administrator account or administrator account group has been assigned to both the group of PAW workstation administrators and any group for administrators of high-value IT resources.

If separate PAW administrator groups and administrators of high-value IT resources have not been set up, this is a finding.

If a member of any group of PAW maintenance administrators is also a member of any group of administrators of high-value IT resources, this is a finding.

Check Content Reference

M

Target Key

3283
