ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

More documents

Recommendations

Info

Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS05.0190 Synch\Maint Public Domain Software STIG ID \ V-Key DS05.0190 \ V0011785 Severity Cat II Short Name Synch\Maint Public Domain Software IA Controls DCPD-1 MAC /Conf 1-CSP, 2-CSP, 3-CSP References AD STIG 2.3.1.4 Long Name: Public domain software is used to perform directory synchronization or maintenance operations. Checks: • Search for instances of known public domain software: - Start Windows Explorer. - Right-click the “My Computer” item and select “Search…” - For each of the following program names: adfind.exe, admod.exe, shedit.exe, and shedit2k3.exe -- Enter the program name in the file name field. -- Select “Local Hard Drives” in the “Look in:” field. -- Click the Search button. • Ask the SA or application SA to confirm that no other public domain software is being used to perform synchronization or maintenance operations. • If instances of public domain software are installed and this software has not been assessed for information assurance impacts and approved explicitly by the DAA, then this is a Finding. Note: This check and the associated requirement are based on DoD policy on the use of software for which original source code is not available *and* there is limited or no warranty or support. In these circumstances, the inability to examine or review potential vulnerabilities represents an unknown and unacceptable risk. UNCLASSIFIED 5-34
Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS05.0200 Synch\Maint Code \ Data File Locations STIG ID \ V-Key DS05.0200 \ V0011786 Severity Cat III Short Name Synch\Maint Code \ Data File Locations IA Controls DCSP-1 MAC /Conf 1-CSP, 2-CSP References AD STIG 2.3.1.5 Long Name: The source code for a directory synchronization or maintenance application is located in the same directory as data that is input to or output from the application. Checks: • With the assistance of the application SA, determine the directories containing synchronization or maintenance program *source* files and a list of the directories containing *data* files read or written by the synchronization or maintenance application. [Retain this *data* file location information for use in subsequent checks.] • Compare the names of directories containing program source files with those containing input or output data. • If synchronization or maintenance program source files are contained in the same directory as input or output data, then this is a Finding. Note: This check *does* apply to cases where COTS applications have been extended or modified by the addition of local programs. For example, locally written Management Agents (MAs) for MIIS are included in the scope of this check. UNCLASSIFIED 5-35
Page 1 and 2:
ACTIVE DIRECTORY SECURITY CHECKLIST
Page 3 and 4:
Active Directory Checklist, V1R1.2
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54: Active Directory Checklist, V1R1.2
Page 103: Active Directory Checklist, V1R1.2
show all

ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?