ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

More documents

Recommendations

Info

Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS05.0350 Synch\Maint Certificate Validity Checking STIG ID \ V-Key DS05.0350 \ V0011772 Severity Cat III Short Name Synch\Maint Certificate Validity Checking IA Controls IAAC-1 MAC /Conf 1-CS, 2-CS, 3-CS References AD STIG 2.3.3.8 Long Name: A synch\maint product that utilizes PKI certificates does not perform certificate validation that includes CRL or OCSP checking. Checks: • Interview the Application SA. • Review the application documentation or configuration settings to determine if the synch\maint implementation utilizes PKI certificates. • If PKI certificates are *not* used, then this check is Not Applicable. • If PKI certificates *are* used, review the application documentation or configuration settings to determine if the product performs certificate validation that includes CRL or OCSP checking. - Note that certificates could be used in multiple parts of the implementation such as client authentication of the server *and* server authentication of the client. All uses should be examined. • If the synch\maint implementation utilizes PKI certificates and the product does not perform certificate validation that includes CRL or OCSP checking, then this is a Finding. Note: At this time it is understood that SimpleSync, MIIS, and IIFP do *not* perform CRL or OCSP checking. UNCLASSIFIED 3-24
Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS05.0370 Synch\Maint Mutual Authentication STIG ID \ V-Key DS05.0370 \ V0011773 Severity Cat III Short Name Synch\Maint Mutual Authentication IA Controls ECTM-1. ECTM-2 MAC /Conf 1-CSP, 2-CSP, 3-CSP References AD STIG 2.3.3.8 Long Name: A synch\maint implementation does not perform authentication of the synch\maint client and target directory server (mutual authentication). Checks: • Interview the Application SA. • Review the application documentation or configuration settings to determine if the synch\maint implementation performs authentication of the synch\maint client *and* the target directory server. - For client authentication this could include the use of an ID\password for the client to access the server. - For the server authentication this could include the use of LDAPS or HTTPS in which the client validates the server’s PKI certificate. • If the synch\maint implementation does not perform mutual authentication, then this is a Finding. UNCLASSIFIED 3-25
Page 1 and 2:
ACTIVE DIRECTORY SECURITY CHECKLIST
Page 3 and 4:
Active Directory Checklist, V1R1.2
Page 5 and 6:
Page 7 and 8:
Page 9 and 10: Active Directory Checklist, V1R1.2
Page 59: Active Directory Checklist, V1R1.2
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
show all

ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

Create successful ePaper yourself

Delete template?

Save as template?