From Remote Endpoint STIG
Part of SRC-EPT-360 Changes to security configuration
Associated with IA controls: ECSC-1
Strong configuration controls will help prevent unauthorized configuration changes and software installs for the remote devices.
This check verifies use of workstation policy and site written policy to prevent unapproved configuration changes. The system’s user and advanced user rights policies must be configured in accordance with DISA requirements to prevent users without administrative rights from installing or changing software or hardware configuration which may adversely affect the security posture of the laptop or workstation. Use the User Manager or Administrative Tools applet to view user accounts and policies for users who access the system’s resources. Select “User Rights” from the “Policies” menu. Select the checkbox, “Show Advanced User Rights.” Click “Cancel” when finished examining the data in this dialog box. By scrolling through the choices in the drop-down box labeled “Right,” navigate to the rights listed below and compare the contents of the “Grant To” listbox with the acceptable values in the following table. If there are any discrepancies, this is a finding. Users Rights Authorized Groups Load and unload device drivers Administrators Modify firmware environment values Administrators Next, examine any procedures or remote access agreement that informs the user of this requirement. If the user is not informed of this requirement or if rights are not restricted to prevent installation of software or device drivers, this is a finding. View a copy of approval letters if such approvals have been authorized.
Create a software baseline.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer