Microsoft Windows PAW Security Technical Implementation Guide
SRG-OS-000480-GPOS-00227
The domain must be configured to restrict privileged administrator accounts from logging on to lower-tier hosts.
An XCCDF Rule
Medium Severity
If the domain is not configured to restrict privileged administrator accounts from logging on to lower-tier hosts, it would be impossible to isolate administrative accounts to specific trust zones and protect IT resources from threats from high-risk trust zones. Blocking logon to lower-tier assets helps protect IT resources in a tier from being attacked from a lower tier.

Documentable: false