Title

Booting into alternate operating systems is permitted. (Cat II impact)

Discussion

Allowing other operating systems to run on a secure system, can allow users to circumvent security. If more than one operating system is installed on a computer, each must be configured to be compliant with STIG guidance.

Check Content

Verify that the local system boots directly into Windows: Open Control Panel. Select “System”. Select the “Advanced System Settings” link. Select the “Advanced” tab. Click the Startup and Recovery “Settings” button. If the drop-down list box “Default operating system:” shows any operating system other than Windows 7, this may be a finding. Verify that Windows XP Mode, a Windows Virtual PC instance of Windows XP, has not been installed on the system: Open Control Panel. Select “Programs and Features”. If Windows Virtual PC or Windows XP Mode are listed this may be a finding. If all additional operating systems are STIG compliant, then this is not a finding.

Fix Text

Configure the system to prevent running non-compliant alternate operating systems.

Additional Identifiers

Rule ID: SV-25256r1_rule

Vulnerability ID: V-1119

Group Title: Booting into Multiple Operating Systems

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.