S 2.330 Regular checks of the Windows XP, Windows Vista and Windows 7 security policies and their implementation
Initiation responsibility: Administrator, Head of IT, IT Security Officer
Implementation responsibility: IT Security Officer, Administrator
To detect violations of the currently valid Windows XP, Windows Vista and Windows 7 security policies, regular checks are necessary. These checks should be a permanent part of an organisational process. The results of such checks must be documented in order to detect repeated violations.
The following aspects need to be considered in this regard:
- The currency and consistency of the existing security policies must be checked. In the course of time, new information relating to the security aspects of Windows XP, Windows Vista and Windows 7 will become available. This information must be taken into account adequately when checking the security policies. The security policies must be adapted if necessary and then reimplemented.
- The Windows XP, Windows Vista and Windows 7 security policies must be implemented carefully. Their implementation must also be checked at regular intervals. Automated tools such as secedit can be used to determine the settings currently implemented or differences between the current settings and the parameter values defined in the security policies (S 4.243 Windows client operating system administration tools).
- The access authorisations in file systems, the registry, and network shares must be checked for consistency. Users may only possess the required authorisations.
- User authorisations (system authorisations) must also be checked.
- Changes resulting from the installation of new software or the removal of old software (Windows components or application software from third party manufacturers) must be adequately taken into account. The resulting changes to the security settings must be implemented (group policy objects, access authorisations etc.). A security analysis must be performed in cases where the changes are critical.
Furthermore, S 2.10 Audit of the hardware and software inventory should be taken into account when checking to enable the detection and elimination of the use of unauthorised software.
Review questions:
- Are the Windows XP, Windows Vista and Windows 7 security policies and their implementation checked at regular intervals?