ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Active Directory Checklist, V1R1.2 Field Security Operations<br />
22 September 2006 Defense Information Systems Agency<br />
DS10.0320 DSRM Password Physical Protection<br />
STIG ID \ V-Key DS10.0320 \ V0008311<br />
Severity Cat II<br />
Short Name DSRM Password Physical Protection<br />
IA Controls COBR-1<br />
MAC /Conf 1-CSP, 2-CSP, 3-CSP<br />
References AD STIG 2.3.6<br />
Long Name: The offline copy of the DSRM password is not subject to adequate physical<br />
protections.<br />
Checks:<br />
• Interview the IAO.<br />
• Check the location to verify that a copy of the DSRM password is stored in a<br />
locked, fire-rated container or is subject to other appropriate physical protections<br />
from loss.<br />
• If there is no copy of the DSRM password or it is not adequately physically<br />
protected, then this is a Finding.<br />
DS10.0310 Physical Access - Root FSMO Domain Controllers<br />
STIG ID \ V-Key DS10.0310 \ V0008313<br />
Severity Cat II<br />
Short Name Physical Access - Root FSMO Domain Controllers<br />
IA Controls PECF-1, PECF-2<br />
MAC /Conf 1-CS, 2-CS, 3-CS<br />
References AD STIG 2.3.5<br />
Long Name: Physical access to the AD forest root FSMO domain controllers is not restricted to<br />
specifically authorized personnel.<br />
Checks:<br />
• Interview the IAO.<br />
• Verify that physical access to the forest root FSMO domain controllers is<br />
restricted to specifically authorized personnel.<br />
- This includes the Windows server(s) holding the Domain Naming Master,<br />
Schema Master, PDC Emulator, RID Master, and Infrastructure Master FSMO<br />
roles.<br />
• If physical access to any server holding a FSMO role for the forest root domain is<br />
not restricted, then this is a Finding.<br />
UNCLASSIFIED<br />
3-4