ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Active Directory Checklist, V1R1.2 Field Security Operations<br />
22 September 2006 Defense Information Systems Agency<br />
DS05.0240 Synch\Maint Aggregate Data File Encryption<br />
STIG ID \ V-Key DS05.0240 \ V0011789<br />
Severity Cat II<br />
Short Name Synch\Maint Aggregate Data File Encryption<br />
IA Controls ECCR-1, ECCR-2<br />
MAC /Conf 1-CS, 2-CS, 3-CS<br />
References AD STIG 2.3.3.3<br />
Long Name: A directory synchronization or maintenance data file that contains a substantial<br />
aggregate of the directory data for an entire geographic command is not<br />
encrypted.<br />
Checks:<br />
• With the assistance of the application SA, determine the geographic scope of the<br />
data in the synchronization or maintenance data files in the directories obtained in<br />
check DS05.0200. Specifically, determine if the data contains directory<br />
information for an *entire* geographic command such as DISA CONUS, DISA<br />
EUROPE, or DISA PACIFIC or for *all* members of a Service or other<br />
Component.<br />
• If the synchronization or maintenance data files do not contain substantial<br />
aggregates, then this check is Not Applicable.<br />
• If any synchronization or maintenance data file does contain a substantial<br />
aggregate, determine with the assistance of the application SA if the file is<br />
encrypted.<br />
- The use of a text editor to attempt to view the encrypted file or a Windows<br />
directory display indicating the file has the encrypted attribute can be used.<br />
• If any synchronization or maintenance data file containing a substantial aggregate<br />
is not encrypted, then this is a Finding.<br />
Note: This check is used to determine only *if* file encryption is used. Check<br />
DS05.0120 would be applied to determine if the implemented encryption is FIPS<br />
140-2 validated.<br />
UNCLASSIFIED<br />
5-38