POAM-00075
V-220972: The Deny log on through Remote Desktop Services user right on Windows 10 workstations must at a mini
The Deny log on through Remote Desktop Services user right on Windows 10 workstations must at a minimum be configured to prevent access from highly privileged domain accounts and local accounts on dom...
Recommended NIST Controls
Based on keyword analysis of POA&M description
| Control | Title | Family | Action |
|---|---|---|---|
| No recommendations available (ingest NIST controls first) | |||
Recommended STIG Rules
Based on keyword analysis of POA&M description
| Vuln ID | Title | Severity | Action |
|---|---|---|---|
| V-224819 | Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks. | CAT I | |
| V-224820 | Passwords for the built-in Administrator account must be changed at least every 60 days. | CAT II | |
| V-224821 | Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. | CAT I | |
| V-224822 | Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | CAT II | |
| V-224823 | Manually managed application account passwords must be at least 14 characters in length. | CAT II | |
| V-224825 | Shared user accounts must not be permitted on the system. | CAT II | |
| V-224826 | Windows Server 2016 must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. | CAT II | |
| V-224827 | Windows Server 2016 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use. | CAT II | |
| V-224828 | Systems must be maintained at a supported servicing level. | CAT I | |
| V-224829 | The Windows Server 2016 system must use an anti-virus program. | CAT I |