STIGQter STIGQter: STIG Summary: Windows PAW Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 15 May 2020:

The Windows PAW must be configured to enforce two-factor authentication and use Active Directory for authentication management.

DISA Rule

SV-92881r1_rule

Vulnerability Number

V-78175

Group Title

PAW-00-001600

Rule Version

WPAW-00-001600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

In Active Directory, configure group policy to enable either smart card or another DoD-approved two-factor authentication method for all PAWs.

- Go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
- Set "Interactive logon: Require smart card" to "Enabled".

Check Contents

Review the configuration on the PAW.

Verify group policy is configured to enable either smart card or another DoD-approved two-factor authentication method for site PAWs.

- In Active Directory, go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
- Verify "Interactive logon: Require smart card" is set to "Enabled".

If group policy is not configured to enable either smart card or another DoD-approved two-factor authentication method, this is a finding.

Vulnerability Number

V-78175

Documentable

False

Rule Version

WPAW-00-001600

Severity Override Guidance

Review the configuration on the PAW.

Verify group policy is configured to enable either smart card or another DoD-approved two-factor authentication method for site PAWs.

- In Active Directory, go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
- Verify "Interactive logon: Require smart card" is set to "Enabled".

If group policy is not configured to enable either smart card or another DoD-approved two-factor authentication method, this is a finding.

Check Content Reference

M

Target Key

3283

Comments