Microsoft Windows PAW Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000107-GPOS-00054
<GroupDescription></GroupDescription>Group -
The Windows PAW must be configured to enforce two-factor authentication and use Active Directory for authentication management.
<VulnDiscussion>Due to the highly privileged functions of a PAW, a high level of trust must be implemented for access to the PAW, including n...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Windows PAW must use a trusted channel for all connections between a PAW and IT resources managed from the PAW.
<VulnDiscussion>Note: The Common Criteria Security Functional Requirement (SFR) FTP_ITC.1.1(1) defines "trusted channel" as "a channel that u...Rule High Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
If several Windows PAWs are set up in virtual machines (VMs) on a host server, the host server must only contain PAW VMs.
<VulnDiscussion>A main security architectural construct of a PAW is to remove non-administrative functions from the PAW. Many standard user f...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Windows PAW must be configured so that all inbound ports and services to a PAW are blocked except as needed for monitoring, scanning, and management tools or when the inbound communication is a response to an outbound connection request.
<VulnDiscussion>A main security architectural construct of a PAW is that the workstation is isolated from most Internet threats, including ph...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Windows PAW must be configured so that all outbound connections to the Internet from a PAW are blocked.
<VulnDiscussion>Note: Internal domain connections from a PAW to communicate with IT resources being managed via the PAW with domain controlle...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.