ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

More documents

Recommendations

Info

Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency 3.4 Active Directory Forest Notes: The checks in this section apply to Active Directory Forest assets and are performed on only once per AD forest. DS00.0100 Schema Change Configuration Management STIG ID \ V-Key DS00.0100 \ V0008527 Severity Cat III Short Name Schema Change Configuration Management IA Controls DCPR-1 MAC /Conf 1-CSP, 2-CSP, 3-CSP References AD STIG 2.3.1.2 Long Name: There is no policy to ensure that changes to the directory schema are subject to a configuration management process. Checks: • Interview the IAM. • Obtain a copy of the site’s configuration management procedures documentation. • Verify that there is a local policy that requires changes to the directory schema to be processed through a configuration management process. - For AD this refers to changes to the AD schema. • If there is no policy that requires changes to the directory schema to be processed through a configuration management process, then this is a Finding. UNCLASSIFIED 3-10
Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency 3.5 Directory Service Synchronization \ Maintenance Application The checks in this section apply to Synch\Maint App assets and are performed once for each system on which a directory synchronization or maintenance product is installed. Note that this may not be a Windows server because some software is capable of executing on workstation operating systems. These products include CPS Systems SimpleSync, Microsoft Identity Integration Server (MIIS), and Microsoft Identity Integration Feature Pack (IIFP). Please note the following terminology used in this section: - The term Application SA is used to indicate the person responsible for the maintenance of the synchronization or maintenance application. - The phrase “routine, scheduled operations” is intended to indicate that the requirement applies where synchronization or maintenance applications are used regularly and in a production environment. Requirements with this text would not apply where the application is used only occasionally or for research or testing purposes. - The phrase “security principal” refers to a Windows account that has access to data and other resources. This is contrasted with a contact object that represents an e-mail address. DS05.0100 Synch\Maint Product Validation STIG ID \ V-Key DS05.0100 Severity Short Name Synch\Maint Product Validation IA Controls DCAS-1 MAC /Conf 1-CSP, 2-CSP, 3-CSP References AD STIG 2.3.1.1 Note: At this time no commercial synchronization \ maintenance applications been evaluated or validated by the NIAP so this check is not active. DS05.0110 Synch\Maint Product Robustness STIG ID \ V-Key DS05.0110 Severity Short Name Synch\Maint Product Robustness IA Controls DCSR-1, DCSR-2, DCSR-3 MAC /Conf 1-CSP, 2-CSP, 3-CSP References AD STIG 2.3.1.1 Note: At this time no commercial synchronization \ maintenance applications been evaluated or validated by the NIAP so this check is not active. UNCLASSIFIED 3-11
Page 1 and 2: ACTIVE DIRECTORY SECURITY CHECKLIST
Page 3 and 4: Active Directory Checklist, V1R1.2
Page 45: Active Directory Checklist, V1R1.2
Page 97 and 98:
Active Directory Checklist, V1R1.2
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
show all

ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

Create successful ePaper yourself

Delete template?

Save as template?