Details

This is a category 1 finding because the ability to set access permissions and audit critical directories and files is only available by using the NTFS file system. The capability to assign access permissions to file objects is a DOD policy requirement.

The FAT file system only provides the capability to make files read-only and hidden. The capability to change these attributes is not restricted to any users. An unauthorized individual could boot the machine from a floppy disk and gain full and unrecorded access to file data.

Solution

Format all partitions/drives to use NTFS.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/Oct2016/U_Windows_Vista_V6R41_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.

References

• 800-53|AC-3
• CAT|I
• CCI|CCI-000213
• Rule-ID|SV-29477r1_rule
• STIG-ID|2.008
• Vuln-ID|V-1081

Source

• Tenable.com/audits