ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Active Directory Checklist, V1R1.2 Field Security Operations<br />
22 September 2006 Defense Information Systems Agency<br />
3.5 Directory Service Synchronization \ Maintenance Application<br />
The checks in this section apply to Synch\Maint App assets and are performed once for each<br />
system on which a directory synchronization or maintenance product is installed. Note that this<br />
may not be a Windows server because some software is capable of executing on workstation<br />
operating systems.<br />
These products include CPS Systems SimpleSync, Microsoft Identity Integration Server (MIIS),<br />
and Microsoft Identity Integration Feature Pack (IIFP).<br />
Please note the following terminology used in this section:<br />
- The term Application SA is used to indicate the person responsible for the maintenance<br />
of the synchronization or maintenance application.<br />
- The phrase “routine, scheduled operations” is intended to indicate that the requirement<br />
applies where synchronization or maintenance applications are used regularly and in a<br />
production environment. Requirements with this text would not apply where the<br />
application is used only occasionally or for research or testing purposes.<br />
- The phrase “security principal” refers to a Windows account that has access to data and<br />
other resources. This is contrasted with a contact object that represents an e-mail address.<br />
DS05.0100 Synch\Maint Product Validation<br />
STIG ID \ V-Key DS05.0100<br />
Severity<br />
Short Name Synch\Maint Product Validation<br />
IA Controls DCAS-1<br />
MAC /Conf 1-CSP, 2-CSP, 3-CSP<br />
References AD STIG 2.3.1.1<br />
Note: At this time no commercial synchronization \ maintenance applications been evaluated or<br />
validated by the NIAP so this check is not active.<br />
DS05.0110 Synch\Maint Product Robustness<br />
STIG ID \ V-Key DS05.0110<br />
Severity<br />
Short Name Synch\Maint Product Robustness<br />
IA Controls DCSR-1, DCSR-2, DCSR-3<br />
MAC /Conf 1-CSP, 2-CSP, 3-CSP<br />
References AD STIG 2.3.1.1<br />
Note: At this time no commercial synchronization \ maintenance applications been evaluated or<br />
validated by the NIAP so this check is not active.<br />
UNCLASSIFIED<br />
3-11