ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Active Directory Checklist, V1R1.2 Field Security Operations<br />
22 September 2006 Defense Information Systems Agency<br />
DS05.0360 Synch\Maint Data Transport Signing<br />
STIG ID \ V-Key DS05.0360 \ V0011770<br />
Severity Cat III<br />
Short Name Synch\Maint Data Transport Signing<br />
IA Controls ECTM-1. ECTM-2<br />
MAC /Conf 1-CSP, 2-CSP, 3-CSP<br />
References AD STIG 2.3.3.8<br />
Long Name: A synch\maint implementation does not use data signing or other methods to<br />
ensure the integrity of directory data network traffic.<br />
Checks:<br />
• Interview the Application SA.<br />
• Review the application documentation or configuration settings to determine if<br />
the synch\maint implementation signs the data or uses other integrity checks on<br />
data transferred over any network.<br />
- The use of encryption is an acceptable method of addressing data integrity. If the<br />
LDAPS or HTTPS protocol or a VPN is used for transmission, this meets the<br />
requirement.<br />
• If the synch\maint implementation does not use data signing or other methods to<br />
ensure the integrity of transmitted data, then this is a Finding.<br />
UNCLASSIFIED<br />
3-22