Does anyone fully implement workstation and server logon restrictions, and priviledged access workstations (PAW) as prescribed by NIST/STIG/CIS?
The URL is Microsoft’s long description of the same concepts.
Specifically from the above, there’s a few things like:
- Establishing asset/systems tiers (domain controllers or entire org compromise tier 0, moving towards less consequence in the event of system compromise)
- Accounts with the Active Directory Domain Admins or equivalent are supposed to be blocked from logging into lower tier assets
- Workstations that have access to log into these super sensitive assets like Domain controllers for management are considered PAWs, and are blocked from internet access, highly locked down, might have extra hoops or management plane assets are air gapped?
Question:
Does anyone actually do any of this at their organization?
If so, to what degree?
People hated red forest because it was a whole other set of infrastructure to baby sit.
People hate air gapped systems because no remote access or work from home.
The above doesn’t work well with cloud, and as a result Microsoft (just as an example) pushed for the new hybrid PIM models replacing their old red forest concept.
I’m just curious.
What do you guys use for STIG audit?
Manual STIG viewer or SCAP?