1.006 - Users with Administrative privilege are not documented or do not have separate accounts for administrative duties.


Using a privileged account to perform routine functions makes the computer vulnerable to attack by any virus or Trojan Horse inadvertently introduced during a session that has been granted full privileges.

The rule of least privilege should always be enforced.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Create the necessary documentation that identifies the members of this privileged group. Ensure that each member has one account for user duties and a separate account for privileged duties, and that the other requirements outlined in the manual check are met.
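One way to support this manual review is to compare the actual members of the local Administrators group with the documented list. This is an added example, not part of the benchmark or the plugin; the inventory format (columns `AdminAccount`, `Owner`, `UserAccount`), the function name and all account names are assumptions constructed for illustration.

```powershell
# Added example: compare Administrators group members with a documented inventory.
# The inventory columns (AdminAccount, Owner, UserAccount) are a hypothetical format.
function Compare-AdminInventory {
    param(
        [string[]]$Members,    # account names found in the Administrators group
        [object[]]$Inventory   # documented privileged accounts
    )
    foreach ($m in $Members) {
        # -eq on strings is case-insensitive, which matches Windows account names
        $entry = $Inventory | Where-Object { $_.AdminAccount -eq $m } | Select-Object -First 1
        if (-not $entry) {
            [pscustomobject]@{ Account = $m; Finding = 'Not documented' }
        }
        elseif ([string]::IsNullOrWhiteSpace($entry.UserAccount)) {
            [pscustomobject]@{ Account = $m; Finding = 'No separate account for user duties' }
        }
        elseif ($entry.UserAccount -eq $m) {
            [pscustomobject]@{ Account = $m; Finding = 'Same account used for user and privileged duties' }
        }
    }
    # A documented account that is no longer a member means the record is stale.
    foreach ($e in $Inventory) {
        if ($Members -notcontains $e.AdminAccount) {
            [pscustomobject]@{ Account = $e.AdminAccount; Finding = 'Documented but not a member' }
        }
    }
}

# Constructed sample inventory (in practice, Import-Csv from the site's documentation)
$inventory = @'
AdminAccount,Owner,UserAccount
CORP\jdoe-adm,J. Doe,CORP\jdoe
CORP\asmith,A. Smith,CORP\asmith
CORP\old-adm,Former Admin,CORP\old
'@ | ConvertFrom-Csv

# Constructed sample membership list
$members = 'CORP\jdoe-adm', 'CORP\asmith', 'CORP\svc-backup'
# On a live system, read the group by its well-known SID instead:
# $members = (Get-LocalGroupMember -SID 'S-1-5-32-544').Name

Compare-AdminInventory -Members $members -Inventory $inventory | Format-Table -AutoSize
```

With the sample data, `CORP\asmith` is reported for using one account for both roles, `CORP\svc-backup` as undocumented, and `CORP\old-adm` as documented but no longer a member.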

Item Details


References: 800-53|CM-6b., CAT|I, CCI|CCI-000366, Rule-ID|SV-29680r2_rule, STIG-ID|1.006, Vuln-ID|V-1140

Plugin: Windows

Control ID: 2d71118d0d15d5537ac1170f47c269d2b700f866635f6ad24d53ef8be27f8ee0