ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload


Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency

DS05.0350 Synch\Maint Certificate Validity Checking

STIG ID \ V-Key DS05.0350 \ V0011772
Severity Cat III
Short Name Synch\Maint Certificate Validity Checking
IA Controls IAAC-1
MAC /Conf 1-CS, 2-CS, 3-CS
References AD STIG 2.3.3.8

Long Name: A synch\maint product that utilizes PKI certificates does not perform certificate validation that includes CRL or OCSP checking.

Checks:

• Interview the Application SA.
• Review the application documentation or configuration settings to determine if the synch\maint implementation utilizes PKI certificates.
• If PKI certificates are *not* used, then this check is Not Applicable.
• If PKI certificates *are* used, review the application documentation or configuration settings to determine if the product performs certificate validation that includes CRL or OCSP checking.
  - Note that certificates could be used in multiple parts of the implementation, such as client authentication of the server *and* server authentication of the client. All uses should be examined.
• If the synch\maint implementation utilizes PKI certificates and the product does not perform certificate validation that includes CRL or OCSP checking, then this is a Finding.

Note: At this time it is understood that SimpleSync, MIIS, and IIFP do *not* perform CRL or OCSP checking.

UNCLASSIFIED 3-24

DS05.0370 Synch\Maint Mutual Authentication

STIG ID \ V-Key DS05.0370 \ V0011773
Severity Cat III
Short Name Synch\Maint Mutual Authentication
IA Controls ECTM-1, ECTM-2
MAC /Conf 1-CSP, 2-CSP, 3-CSP
References AD STIG 2.3.3.8

Long Name: A synch\maint implementation does not perform authentication of the synch\maint client and target directory server (mutual authentication).

Checks:

• Interview the Application SA.
• Review the application documentation or configuration settings to determine if the synch\maint implementation performs authentication of the synch\maint client *and* the target directory server.
  - For client authentication this could include the use of an ID\password for the client to access the server.
  - For the server authentication this could include the use of LDAPS or HTTPS in which the client validates the server’s PKI certificate.
• If the synch\maint implementation does not perform mutual authentication, then this is a Finding.

UNCLASSIFIED 3-25
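Added example covering both DS05.0350 and DS05.0370 (not part of the checklist): a synch\maint client that talks LDAPS through Python's standard `ssl` module, showing the weak TLS configuration the two checks flag beside the corrected one, plus a small audit of the configuration settings a reviewer would look at. The CA bundle and CRL file paths are placeholders; the audit inspects the context only and does not connect anywhere.

```python
import ssl

# Placeholder paths (assumptions): the CA bundle that issued the directory
# server's certificate and the CRL published by that CA.
CA_BUNDLE = "/path/to/ad-root-ca.pem"
CRL_FILE = "/path/to/ad-root-ca.crl"


def weak_ldaps_context() -> ssl.SSLContext:
    """The configuration both checks call a Finding: the client does not
    validate the server's certificate at all, so it cannot check a CRL either."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # no server authentication (DS05.0370)
    return ctx                          # no revocation checking (DS05.0350)


def hardened_ldaps_context(ca_bundle=None, crl_file=None) -> ssl.SSLContext:
    """Server authentication against a trusted CA with hostname matching,
    plus CRL checking of the server (leaf) certificate.  The client side of
    mutual authentication (bind credentials or a client certificate via
    ctx.load_cert_chain) is configured separately and not shown here."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True.
    ctx = ssl.create_default_context(cafile=ca_bundle)
    if crl_file:
        # CRLs are loaded through the same call as CA certificates.
        ctx.load_verify_locations(cafile=crl_file)
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


def audit_ldaps_context(ctx: ssl.SSLContext) -> dict:
    """Map the context's settings onto the two checklist items."""
    stats = ctx.cert_store_stats()  # keys: 'x509', 'crl', 'x509_ca'
    return {
        "DS05.0370 server certificate validated":
            ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname,
        "DS05.0350 CRL checking enabled":
            bool(ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF),
        # With the flag set but no CRL loaded, OpenSSL fails every handshake
        # ("unable to get certificate CRL"), so the CRL must actually be present.
        "DS05.0350 CRL loaded into trust store": stats["crl"] > 0,
    }


def findings(ctx: ssl.SSLContext) -> list:
    """Return the names of the checks that would be recorded as a Finding."""
    return [name for name, ok in audit_ldaps_context(ctx).items() if not ok]
```

Run `findings(hardened_ldaps_context(CA_BUNDLE, CRL_FILE))` on a host where the files exist; an empty list means none of the three settings is a Finding.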

