ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

Active Directory Checklist, V1R1.2 Field Security Operations
22 September 2006 Defense Information Systems Agency
DS05.0420 Synch\Maint Server Physical Access
STIG ID \ V-Key DS05.0420 \ V0011778
Severity Cat II
Short Name Synch\Maint Server Physical Access
IA Controls PECF-1, PECF-2
MAC /Conf 1-CS, 2-CS, 3-CS
References AD STIG 2.3.5
Long Name: Physical access to a host used in routine, scheduled synch\maint operations is not
restricted to authorized personnel.
Checks:
• Interview the Application SA.
• Verify that physical access to hosts used in routine, scheduled synch\maint
operations is restricted to authorized personnel.
- This includes the Windows host(s) holding any synch\maint databases and
synch\maint application executables.
• If physical access to a host used in routine, scheduled synch\maint operations is
not restricted, then this is a Finding.
DS05.0430 Synch\Maint Data Backup
STIG ID \ V-Key DS05.0430 \ V0011779
Severity Cat II
Short Name Synch\Maint Data Backup
IA Controls CODB-1, CODB-2, CODB-3
MAC /Conf 1-CSP, 2-CSP, 3-CSP
References AD STIG 2.3.6
Long Name: Production data from routine, scheduled synch\maint operations is not backed up
periodically.
Checks:
• Interview the Application SA.
• Obtain a copy of the site’s SOP for backups.
• Check the SOP for the frequency at which data used in routine, scheduled
synch\maint operations is backed up.
- Alternatively, physically verify that backups are being taken.
• If the synch\maint data for a MAC III system is not backed up weekly or at least
after each execution, then this is a Finding.
• If the synch\maint data for a MAC I or II system is not backed up daily or at least
after each execution, then this is a Finding.
UNCLASSIFIED
3-30