Title

Changes to the security configuration of software or hardware of a Government-controlled remote access device are made without prior approval of the IAO. (Cat III impact)

Discussion

Strong configuration controls will help prevent unauthorized configuration changes and software installs for the remote devices.

Check Content

This check verifies use of workstation policy and site written policy to prevent unapproved configuration changes. The system’s user and advanced user rights policies must be configured in accordance with DISA requirements to prevent users without administrative rights from installing or changing software or hardware configuration which may adversely affect the security posture of the laptop or workstation. Use the User Manager or Administrative Tools applet to view user accounts and policies for users who access the system’s resources. Select “User Rights” from the “Policies” menu. Select the checkbox, “Show Advanced User Rights.” Click “Cancel” when finished examining the data in this dialog box. By scrolling through the choices in the drop-down box labeled “Right,” navigate to the rights listed below and compare the contents of the “Grant To” listbox with the acceptable values in the following table. If there are any discrepancies, this is a finding. Users Rights Authorized Groups Load and unload device drivers Administrators Modify firmware environment values Administrators Next, examine any procedures or remote access agreement that informs the user of this requirement. If the user is not informed of this requirement or if rights are not restricted to prevent installation of software or device drivers, this is a finding. View a copy of approval letters if such approvals have been authorized.

Fix Text

Create a software baseline.

Additional Identifiers

Rule ID: SV-6799r1_rule

Vulnerability ID: V-6653

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.