POAM-00095
V-225017: The "Deny log on as a service" user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems.
The "Deny log on as a service" user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems. No other groups or accounts must be assigned ...
Recommended NIST Controls
Based on keyword analysis of POA&M description
| Control | Title | Family | Action |
|---|---|---|---|
| No recommendations available (ingest NIST controls first) | | | |
Recommended STIG Rules
Based on keyword analysis of POA&M description
| Vuln ID | Title | Severity | Action |
|---|---|---|---|
| V-224819 | Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks. | CAT I | |
| V-224820 | Passwords for the built-in Administrator account must be changed at least every 60 days. | CAT II | |
| V-224821 | Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. | CAT I | |
| V-224822 | Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | CAT II | |
| V-224823 | Manually managed application account passwords must be at least 14 characters in length. | CAT II | |
| V-224824 | Manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization. | CAT II | |
| V-224825 | Shared user accounts must not be permitted on the system. | CAT II | |
| V-224827 | Windows Server 2016 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use. | CAT II | |
| V-224829 | The Windows Server 2016 system must use an anti-virus program. | CAT I | |
| V-224830 | Servers must have a host-based intrusion detection or prevention system. | CAT II | |