Check: 1.006
Windows XP STIG:
1.006
(in versions v6 r1.32 through v1 r0)
Title
Users with Administrative privilege are not documented or do not have separate accounts for administrative duties and normal operational tasks. (Cat I impact)
Discussion
Using a privileged account to perform routine functions makes the computer vulnerable to attack by any virus or Trojan Horse inadvertently introduced during a session that has been granted full privileges. The rule of least privilege should always be enforced.
Check Content
Ask the System Administrator (SA) to show the necessary documentation that identifies the members of this privileged group. This check verifies each user with administrative privileges has been assigned a unique account, separate from the built-in “Administrator” account. This check also verifies the default “Administrator” account is not being used. Administrators should be properly trained before being permitted to perform administrator duties. The IAO will maintain a list of all users belonging to the Administrator’s group. If any of the following conditions are true, then this is a finding: •Each SA does not have a unique userid dedicated for administering the system. •Each SA does not have a separate account for normal user tasks. •The built-in administrator account is used to administer the system. •Administrators have not been properly trained. •The IAO does not maintain a list of users belonging to the Administrator’s group.
Fix Text
Create the necessary documentation that identifies the members of this privileged group. Ensure each member has a separate account for user duties and one for his privileged duties and the other requirements outlined in the manual check are met.
Additional Identifiers
Rule ID: SV-29677r2_rule
Vulnerability ID: V-1140
Group Title: Users with Administrative Privilege
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |