STIGQter: STIG Summary: Windows PAW Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 15 May 2020

If several PAWs are set up in virtual machines (VMs) on a host server, domain administrative accounts used to manage high-value IT resources must not have access to the VM host operating system (OS) (only domain administrative accounts designated to manage PAWs should be able to access the VM host OS).

DISA Rule

SV-92893r1_rule

Vulnerability Number

V-78187

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

WPAW-00-002600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the VM host OS so only domain administrative accounts designated to manage PAWs have administrative rights on the VM host OS.

Check Contents

Verify at least one group has been set up in Active Directory (usually Tier 0) for administrators responsible for maintaining VM host OSs (usually the same as the PAW workstation administrator's group).

Verify no administrator account or administrator account group has been assigned to both the group of VM host OS administrators and any group for administrators of high-value IT resources.

If separate VM host OS administrator groups and administrators of high-value IT resources have not been set up, this is a finding.
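The check above can be scripted against Active Directory. The following PowerShell is an added example, not part of the STIG or of STIGQter. It assumes the ActiveDirectory module (RSAT) is installed, and the group names are placeholders to be replaced with the site's own VM host OS administrator group and high-value resource administrator groups.

```powershell
Import-Module ActiveDirectory

# Placeholder group names (assumptions, not from the STIG): substitute your own.
$VmHostAdminGroup     = 'PLACEHOLDER-VMHost-Admins'
$HighValueAdminGroups = @('PLACEHOLDER-HighValue-Admins-A', 'PLACEHOLDER-HighValue-Admins-B')

function Get-AssignedDn {
    # Returns the distinguished names of everything assigned to a group:
    # directly assigned accounts and groups, plus accounts reached through nesting.
    param([Parameter(Mandatory)][string]$Group)
    try {
        Get-ADGroup -Identity $Group -ErrorAction Stop | Out-Null
    } catch {
        throw "Cannot resolve group '$Group': $($_.Exception.Message)"
    }
    $direct    = Get-ADGroupMember -Identity $Group             # accounts and nested groups
    $effective = Get-ADGroupMember -Identity $Group -Recursive  # leaf accounts only
    @(@($direct) + @($effective) |
        ForEach-Object { $_.distinguishedName } |
        Sort-Object -Unique)
}

# Step 1 of the check: the VM host OS administrator group must exist.
$hostDns = @(Get-AssignedDn -Group $VmHostAdminGroup)

# Step 2 of the check: nothing may be assigned to both sides.
$findings = foreach ($hvGroup in $HighValueAdminGroups) {
    $hvDns = @(Get-AssignedDn -Group $hvGroup)
    foreach ($dn in $hostDns) {
        if ($hvDns -contains $dn) {   # -contains compares strings case-insensitively
            [pscustomobject]@{
                Member         = $dn
                VmHostGroup    = $VmHostAdminGroup
                HighValueGroup = $hvGroup
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Overlap between VM host OS admins and high-value resource admins: finding (V-78187).'
} else {
    Write-Output 'No account or group is assigned to both sides.'
}
```

An empty VM host OS administrator group produces no overlap, so confirm separately that the group is populated and is the one actually granted administrative rights on the VM host OS.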

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3283
