From Windows PAW Security Technical Implementation Guide
Part of PAW-00-001600
Associated with: CCI-000366 CCI-000767
Due to the highly privileged functions of a PAW, a high level of trust must be implemented for access to the PAW, including non-repudiation of the user session. One-factor authentication, including username and password and shared administrator accounts, does not provide adequate assurance.
Review the configuration on the PAW. Verify group policy is configured to enable either smart card or another DoD-approved two-factor authentication method for site PAWs. - In Active Directory, go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. - Verify "Interactive logon: Require smart card" is set to "Enabled". If group policy is not configured to enable either smart card or another DoD-approved two-factor authentication method, this is a finding.
In Active Directory, configure group policy to enable either smart card or another DoD-approved two-factor authentication method for all PAWs. - Go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. - Set "Interactive logon: Require smart card" to "Enabled".
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer