The VMM must prevent all software from executing at higher privilege levels than users executing the software.
Overview
Finding ID: V-207446
Version: SRG-OS-000326-VMM-001160
Rule ID: SV-207446r958730_rule
IA Controls:
Severity: Medium
Description
In certain situations, guest VMs, applications, and programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to VMM users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.
Some guest VMs, applications, programs, and processes are required to operate at a higher privilege level and therefore should be excluded from this restriction after review.