Back

Disable indexing service unless indexing service use is absolutely necessary.


CONTROL ID
01818
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The organization must only enable Indexing Service if absolutely necessary. This service indexes files on the system in an attempt to improve search performance. However, the service may occasionally consume excessive resources when compared to its usefulness. (§ 4.1.9, The Center for Internet Security Windows XP Professional SP1/SP2 Benchmark, 2.01)
  • Table F-2: For Windows 2003 Server, the organization must configure the permissions for Indexing Service (cisvc) to Administrators: Full Control; System: Read; and System: Start, Stop, and Pause. Table F-3: For Windows 2000 Professional, the organization must configure the permissions for Indexing S… (Table F-2, Table F-3, Table F-4, CMS Business Partners Systems Security Manual, Rev. 10)
  • The Indexing Service should be disabled. The service should be documented if enabling it is required. (§ 5.2.2.1, DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11)
  • The Indexing Service should be Disabled, unless absolutely necessary. If it is Enabled, there should be a documented and justified reason. (§ 5.2.2.1, DISA Windows XP Security Checklist, Version 6 Release 1.11)
  • For Specialized Security - Limited Functionality systems, this service should be Disabled. For all other Windows XP environments, this service is Not Defined. (§ 6.5, Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68, Revision 1)
  • This service searches all files on local and remote computers and indexes the data that is stored there. This provides users with quick access when performing a search. The Indexing Service is Not Defined for Enterprise Client environments and should be Disabled for Specialized Security - Limited Fu… (Pg 68, NSA Guide to Security Microsoft Windows XP)