Title

Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance. (Cat III impact)

Discussion

Security configuration tools such as Group Policies and Security Templates allow system administrators to consolidate security-related system settings into a single configuration file. These settings can then be applied consistently to any number of Windows machines.

Check Content

Verify security configuration tools or equivalent processes are being used to configure Windows systems to meet security requirements. If security configuration tools or equivalent processes are not used, this is a finding. Security configuration tools that are integrated into Windows, such as Group Policies and Security Templates, may be used to configure platforms for security compliance. If an alternate method is used to configure a system (e.g., manually using the DISA Windows Security STIGs, etc.) and the same configured result is achieved, this is acceptable.

Fix Text

Implement a process using security configuration tools or the equivalent to configure Windows systems to meet security requirements.

Additional Identifiers

Rule ID: SV-225250r569185_rule

Vulnerability ID: V-225250

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.