Users with Administrative privilege must have separate accounts for administrative duties and normal operational tasks.

From Windows 8/8.1 Security Technical Implementation Guide

Part of WIN00-000005-02

Associated with: CCI-000366

SV-48276r3_rule Users with Administrative privilege must have separate accounts for administrative duties and normal operational tasks.

Vulnerability discussion

Using a privileged account to perform routine functions makes the computer vulnerable to malicious software inadvertently introduced during a session that has been granted full privileges.

Check content

Verify each user with administrative privileges has been assigned a unique administrative account separate from their standard user account. The ISSO will maintain a list of all users belonging to the Administrators group. If any of the following conditions are true, this is a finding: -Each SA does not have a unique userid dedicated for administering the system. -Each SA does not have a separate account for normal user tasks.

Fix text

Ensure each user with administrative privilege has a separate account for user duties and one for privileged duties.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer