ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

More documents

Recommendations

Info

Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS05.0280 Synch\Maint Audit Data Retention STIG ID \ V-Key DS05.0280 \ V0011766 Severity Cat III Short Name Synch\Maint Audit Data Retention IA Controls ECRR-1 MAC /Conf 1-CSP, 2-CSP, 3-CSP References AD STIG 2.3.3.5 Long Name: Audit data from a synch\maint implementation is not retained for at least one year. Checks: Note: This check is Not Applicable if the audit data is collected in a Windows Event Log. [Windows audit retention is reviewed in the Windows Checklist.] • Interview the Application SA. • Obtain a copy of the site’s policy that addresses audit data retention. • Check that the policy addresses the retention requirement for the audit data from a synch\maint implementation. Alternatively review logs or other evidence that indicates audit data retention. • If the audit data is not retained for at least one year, then this is a Finding. UNCLASSIFIED 3-18
Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS05.0320 Synch\Maint Local Code Configuration Management STIG ID \ V-Key DS05.0320 \ V0011767 Severity Cat III Short Name Synch\Maint Local Code Configuration Management IA Controls ECSD-1, ECSD-2 MAC /Conf 1-CSP, 2-CSP, 3-CSP References AD STIG 2.3.3.7 Long Name: There is no policy to ensure that code that is not vendor-provided and is used in a synch\maint implementation that updates security principal accounts is subject to a configuration management process. Checks: • Interview the Application SA. • Determine if a synch\maint implementation that updates security principal accounts includes code not provided by the vendor. - For MIIS\IIFP, this refers to Management Agents (MAs) not provided from Microsoft. [Retain this code information for use in a subsequent check.] • If the synch\maint implementation does *not* use non-vendor code, then this check is Not Applicable. • If the synch\maint implementation *does* use non-vendor code, obtain a copy of the site’s configuration management procedures documentation. • Verify that there is a local policy that requires implementation and changes to the code to be processed through a configuration management process. • If there is no policy that requires code implementation and changes to be processed through a configuration management process, then this is a Finding. UNCLASSIFIED 3-19
Page 1 and 2:
ACTIVE DIRECTORY SECURITY CHECKLIST
Page 3 and 4: Active Directory Checklist, V1R1.2
Page 53: Active Directory Checklist, V1R1.2
Page 105 and 106:
Active Directory Checklist, V1R1.2
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
show all

ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

Create successful ePaper yourself

Delete template?

Save as template?