ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Active Directory Checklist, V1R1.2 Field Security Operations<br />
22 September 2006 Defense Information Systems Agency<br />
DS05.0250 Synch\Maint Program Auditing<br />
STIG ID \ V-Key DS05.0250 \ V0011790<br />
Severity Cat II<br />
Short Name Synch\Maint Program Auditing<br />
IA Controls ECAT-1, ECAT-2<br />
MAC /Conf 1-CSP, 2-CSP, 3-CSP<br />
References AD STIG 2.3.3.5<br />
Long Name: A directory synchronization or maintenance application is not configured to<br />
collect audit data.<br />
Checks:<br />
• With the assistance of the application SA, determine the auditing components of<br />
the synchronization or maintenance application.<br />
- When supported by the product, review the audit configuration settings for the<br />
product.<br />
- Alternatively review logs or other evidence that indicates that audit data is being<br />
collected.<br />
• If the synchronization or maintenance application is not configured to collect<br />
audit data, then this is a Finding.<br />
DS05.0260 Synch\Maint Audit Data Tools<br />
STIG ID \ V-Key DS05.0260 \ V0011791<br />
Severity Cat III<br />
Short Name Synch\Maint Audit Data Tools<br />
IA Controls ECRG-1<br />
MAC /Conf 1-CSP, 2-CSP, 3-CSP<br />
References AD STIG 2.3.3.5<br />
Long Name: Tools are not installed to support reviewing audit data from a directory<br />
synchronization or maintenance application.<br />
Checks:<br />
• With the assistance of the application SA, invoke the tool used to review the audit<br />
data for the synchronization or maintenance application.<br />
- If the audit data is collected in a Windows Event Log, then the Event Viewer<br />
would be used for this demonstration.<br />
• If no tools are installed to allow the audit data to be reviewed, then this is a<br />
Finding.<br />
UNCLASSIFIED<br />
5-39