ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

More documents

Recommendations

Info

Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS05.0240 Synch\Maint Aggregate Data File Encryption STIG ID \ V-Key DS05.0240 \ V0011789 Severity Cat II Short Name Synch\Maint Aggregate Data File Encryption IA Controls ECCR-1, ECCR-2 MAC /Conf 1-CS, 2-CS, 3-CS References AD STIG 2.3.3.3 Long Name: A directory synchronization or maintenance data file that contains a substantial aggregate of the directory data for an entire geographic command is not encrypted. Checks: • With the assistance of the application SA, determine the geographic scope of the data in the synchronization or maintenance data files in the directories obtained in check DS05.0200. Specifically, determine if the data contains directory information for an *entire* geographic command such as DISA CONUS, DISA EUROPE, or DISA PACIFIC or for *all* members of a Service or other Component. • If the synchronization or maintenance data files do not contain substantial aggregates, then this check is Not Applicable. • If any synchronization or maintenance data file does contain a substantial aggregate, determine with the assistance of the application SA if the file is encrypted. - The use of a text editor to attempt to view the encrypted file or a Windows directory display indicating the file has the encrypted attribute can be used. • If any synchronization or maintenance data file containing a substantial aggregate is not encrypted, then this is a Finding. Note: This check is used to determine only *if* file encryption is used. Check DS05.0120 would be applied to determine if the implemented encryption is FIPS 140-2 validated. UNCLASSIFIED 5-38
Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS05.0250 Synch\Maint Program Auditing STIG ID \ V-Key DS05.0250 \ V0011790 Severity Cat II Short Name Synch\Maint Program Auditing IA Controls ECAT-1, ECAT-2 MAC /Conf 1-CSP, 2-CSP, 3-CSP References AD STIG 2.3.3.5 Long Name: A directory synchronization or maintenance application is not configured to collect audit data. Checks: • With the assistance of the application SA, determine the auditing components of the synchronization or maintenance application. - When supported by the product, review the audit configuration settings for the product. - Alternatively review logs or other evidence that indicates that audit data is being collected. • If the synchronization or maintenance application is not configured to collect audit data, then this is a Finding. DS05.0260 Synch\Maint Audit Data Tools STIG ID \ V-Key DS05.0260 \ V0011791 Severity Cat III Short Name Synch\Maint Audit Data Tools IA Controls ECRG-1 MAC /Conf 1-CSP, 2-CSP, 3-CSP References AD STIG 2.3.3.5 Long Name: Tools are not installed to support reviewing audit data from a directory synchronization or maintenance application. Checks: • With the assistance of the application SA, invoke the tool used to review the audit data for the synchronization or maintenance application. - If the audit data is collected in a Windows Event Log, then the Event Viewer would be used for this demonstration. • If no tools are installed to allow the audit data to be reviewed, then this is a Finding. UNCLASSIFIED 5-39
Page 1 and 2:
ACTIVE DIRECTORY SECURITY CHECKLIST
Page 3 and 4:
Active Directory Checklist, V1R1.2
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58: Active Directory Checklist, V1R1.2
Page 107: Active Directory Checklist, V1R1.2
show all

ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

Create successful ePaper yourself

Delete template?

Save as template?