Title

Policy must require that system administrators (SAs) be trained for the operating systems used by systems under their control. (Cat II impact)

Discussion

If SAs are assigned to systems running operating systems for which they have no training, these systems are at additional risk of unintentional misconfiguration that may result in vulnerabilities or decreased availability of the system.

Check Content

Determine whether the site has a policy that requires SAs be trained for all operating systems running on systems under their control. If the site does not have a policy requiring SAs be trained for all operating systems under their control, this is a finding.

Fix Text

Establish site policy that requires SAs be trained for all operating systems running on systems under their control.

Additional Identifiers

Rule ID:

Vulnerability ID: V-36666

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.