This policy setting allows users to configure the system-wide environment variables that affect hardware configuration. This information is typically stored in the Last Known Good Configuration. Modification of these values and could lead to a hardware failure that would result in a denial of service condition.
Countermeasure:
Ensure that only the local Administrators group is assigned the Modify firmware environment values user right.
Potential Impact:
None. This is the default configuration.
[list_of_users_followed_by_comma]
(1) GPO: Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment\\Modify firmware environment values
(2) REG: ###
(3) WMI: root\\rsop\\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeSystemEnvironmentPrivilege' and precedence=1
oval:gov.nist.usgcb.xp:def:188
BITS Shared Assessments SIG v6.0
Jericho Forum
HIPAA/HITECH Act
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--
ISO/IEC 27001-2005
COBIT 4.1
GAPP (Aug 2009)
NERC CIP
NIST SP800-53 R3 AC-3
NIST SP800-53 R3 CM-6
PCIDSS v2.0
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--
BITS Shared Assessments AUP v5.0
SCAP Repo OVAL Definition
2012-04-13
BITS Shared Assessments SIG v6.0
2012-10-12
Jericho Forum
2012-10-12
HIPAA/HITECH Act
2012-10-12
ISO/IEC 27001-2005
2012-10-12
COBIT 4.1
2012-10-12
GAPP (Aug 2009)
2012-10-12
NERC CIP
2012-10-12
NIST SP800-53 R3
2012-10-12
PCIDSS v2.0
2012-10-12
BITS Shared Assessments AUP v5.0
2012-10-12