
Disable Remote Administration Service unless remote administration management is absolutely necessary.


CONTROL ID
04287
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Disallow remote network administration. (Annex A2: Computer Network Security 13, Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium, Revised 20 January 2017)
  • For Windows 2003 Server, the organization must configure the permissions for Remote Administration Service to Administrators: Full Control; System: Read; and System: Start, Stop, and Pause. (Table F-2, CMS Business Partners Systems Security Manual, Rev. 10)
  • The agency shall employ automated mechanisms to facilitate the monitoring and control of remote access methods. The agency shall control all remote accesses through managed access control points. The agency may permit remote access for privileged functions only for compelling operational needs but s… (§ 5.5.6 ¶ 2, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Enable encrypted remote administration if necessary. Enable X Graphical User Interface for administration if necessary. Remote administration must be done over an encrypted channel to protect against information or control leakage. SSH is an appropriate communication encryption tool to use for remot… (§ 2.15, NSA Guide to the Secure Configuration of Solaris 9, Version 1.0)