POAM-00179
V-243477: User accounts with domain level administrative privileges must be members of the Protected Users gro
User accounts with domain level administrative privileges must be members of the Protected Users group in domains with a domain functional level of Windows 2012 R2 or higher....
Recommended NIST Controls
Based on keyword analysis of POA&M description
| Control | Title | Family | Action |
|---|---|---|---|
| No recommendations available (ingest NIST controls first) | |||
Recommended STIG Rules
Based on keyword analysis of POA&M description
| Vuln ID | Title | Severity | Action |
|---|---|---|---|
| V-224819 | Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks. | CAT I | |
| V-224820 | Passwords for the built-in Administrator account must be changed at least every 60 days. | CAT II | |
| V-224821 | Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. | CAT I | |
| V-224822 | Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | CAT II | |
| V-224823 | Manually managed application account passwords must be at least 14 characters in length. | CAT II | |
| V-224824 | Manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization. | CAT II | |
| V-224825 | Shared user accounts must not be permitted on the system. | CAT II | |
| V-224826 | Windows Server 2016 must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. | CAT II | |
| V-224827 | Windows Server 2016 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use. | CAT II | |
| V-224828 | Systems must be maintained at a supported servicing level. | CAT I |