ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

More documents

Recommendations

Info

Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS05.0210 Synch\Maint Password Protection STIG ID \ V-Key DS05.0210 \ V0011764 Severity Cat I Short Name Synch\Maint Password Protection IA Controls IAIA-1, IAIA-2 MAC /Conf 1-CS, 2-CS, 3-CS References AD STIG 2.3.2 Long Name: A password used in the execution of a synch\maint implementation is embedded in a script or stored in an unencrypted file. Checks: • Interview the Application SA. • Verify whether the execution of the synch\maint implementation uses a script in which a password is embedded or uses any unencrypted file that contains a password. - Verification can involve review of the operating documentation or observation of the execution of a synch\maint cycle. • If execution of the synch\maint implementation uses a script in which a password is embedded or uses any unencrypted file that contains a password, then this is a Finding. UNCLASSIFIED 3-16
Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS05.0270 Synch\Maint Audit Data Backup STIG ID \ V-Key DS05.0270 \ V0011765 Severity Cat III Short Name Synch\Maint Audit Data Backup IA Controls ECTB-1 MAC /Conf 1-CSP, 2-CSP, 3-C References AD STIG 2.3.3.5 Long Name: Audit data from a synch\maint implementation is not backed up at least weekly on external media or on a system other than where the implementation executes. Checks: Note: This check is Not Applicable if the audit data is collected in a Windows Event Log. [Windows Event Log backup is reviewed in the Windows Checklist.] • Interview the Application SA. • Obtain a copy of the site’s policy that addresses (audit) data backup. • Check that the policy addresses the requirement for the audit data from a synch\maint implementation to be: - Backed up at least weekly - Backed up on external media or to a system other than the one on which the implementation runs. Alternatively review logs or other evidence that indicates audit data backup frequency and output destination. • If the audit data is not backed up at least weekly or is not backed up to a detached location, then this is a Finding. UNCLASSIFIED 3-17
Page 1 and 2: ACTIVE DIRECTORY SECURITY CHECKLIST
Page 3 and 4: Active Directory Checklist, V1R1.2
Page 51: Active Directory Checklist, V1R1.2
Page 103 and 104:
Active Directory Checklist, V1R1.2
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
show all

ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?