Policy must require that system administrators (SAs) be trained for the operating systems used by systems under their control.

From Windows 8/8.1 Security Technical Implementation Guide

Associated with IA controls: ECLP-1

Associated with: CCI-000366

SV-48283r2_rule Policy must require that system administrators (SAs) be trained for the operating systems used by systems under their control.

Vulnerability discussion

If system administrators (SAs) are assigned to systems running operating systems for which they have no training, these systems are at additional risk of unintentional misconfiguration that may result in vulnerabilities or decreased availability of the system.

Check content

Review the list of SAs assigned to each system and compare this information to SA training records. If SAs are assigned to systems running operating systems for which there is no record of training, this is a finding.

Fix text

Establish site policy that requires SAs be trained for all operating systems running on systems under their control.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.