ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

Active Directory Checklist, V1R1.2 Field Security Operations
22 September 2006 Defense Information Systems Agency
DS05.0450 Synch\Maint Disaster Recovery Documentation
STIG ID \ V-Key DS05.0450 \ V0011780
Severity Cat III
Short Name Synch\Maint Disaster Recovery Documentation
IA Controls COEF-2
MAC /Conf 1-CSP, 2-CSP
References AD STIG 2.3.6
Long Name: Disaster recovery plans do not include identification of products used in routine,
scheduled synch\maint operations.
Checks:
• Interview the Application SA.
• Obtain a copy of the site’s disaster recovery planning documents.
• Verify that the disaster recovery plans include documentation of the products used
in routine, scheduled synch\maint operations.
• If the disaster recovery plans do not include documentation of the products, then
this is a Finding.
DS05.0460 Synch\Maint Security Patch Implementation
STIG ID \ V-Key DS05.0460 \ V0011781
Severity Cat II
Short Name Synch\Maint Security Patch Implementation
IA Controls VIVM-1
MAC /Conf 1-CSP, 2-CSP, 3-CSP
References AD STIG 2.3.7
Long Name: Security related patches for synch\maint products are not applied or the
application status is not documented.
Checks:
• Interview the Application SA.
• Obtain a copy of the site’s policy that addresses security patch implementation.
• Verify that the local policy requires all vendor-provided security patches to be
applied and the status to be documented for synch\maint products.
• If there is no policy that requires all the vendor-provided security patches to be
applied and the status to be documented, then this is a Finding.
3.6 Active Directory Application Mode Instance
This section is reserved for future interview checks for ADAM instances.
UNCLASSIFIED
3-31