Details
If SAs are assigned to systems running operating systems for which they have no training, these systems are at additional risk of unintentional misconfiguration that may result in vulnerabilities or decreased availability of the system.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Establish site policy that requires SAs be trained for all operating systems running on systems under their control.
Supportive Information
The following resource is also helpful.
- https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R3_STIG.zip
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Windows.
References
- 800-53|CM-6b.
- CAT|II
- CCI|CCI-000366
- Rule-ID|SV-226032r794371_rule
- STIG-ID|WN12-00-000006
- STIG-Legacy|SV-51577
- STIG-Legacy|V-36666
- Vuln-ID|V-226032