ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
Active Directory Checklist, V1R1.2, 22 September 2006
Field Security Operations, Defense Information Systems Agency

5.3.2 Trust Relationships

The checks in this section address the AD trust relationships that are manually created by administrators. This includes external, forest, and realm trusts.

DS10.0100 Trust Relationship Documentation

STIG ID \ V-Key: DS10.0100 \ V0008530
Severity: Cat III
Short Name: Trust Relationship Documentation
IA Controls: DCID-1
MAC / Conf: 1-CSP, 2-CSP, 3-CSP
References: AD STIG 2.3.1.2

Long Name: Appropriate documentation is not maintained for each external, forest, and realm AD trust relationship.

Checks:
• Start the Active Directory Domains and Trusts console (“Start”, “Run…”, “domain.msc”).
• Select the left pane item that matches the name of the domain being reviewed.
  - Right-click the domain name and select the Properties item.
  - On the domain object Properties window, select the Trusts tab.
  - For *each* outgoing and incoming external, forest, and realm trust, record the name of the other party (domain name), the trust type, transitivity, and the trust direction.
  [Retain this trust information for use in subsequent checks.]
• Compare the list of actual trusts with the local documentation maintained by the IAO. [See note below.] For each trust the documentation must contain type (external, forest, or realm), name of the other party, MAC and classification level of the other party, trust direction (incoming and/or outgoing), transitivity, status of the Selective Authentication option, and status of the SID filtering option.
• If an actual trust is not listed in the documentation or if any of the required items are not documented, then this is a Finding.

Note: Checklist Appendix B contains samples of trust relationship documentation. While these specific formats are not required, it is highly recommended that all of the information on these samples be represented in the documentation maintained by the IAO.
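
The same check run from PowerShell instead of the Domains and Trusts console, as an added example that is not part of the DISA checklist: it lists the external, forest, and realm trusts with `Get-ADTrust` and reports the two Finding conditions. The CSV path and its column names are assumptions, since the checklist does not prescribe a documentation format.

```powershell
# Added example; not part of the DISA checklist. Read-only.
# Requires the ActiveDirectory module (RSAT).
param(
    # Hypothetical path to the IAO's trust documentation exported as CSV.
    [string]$DocPath = '.\trust-documentation.csv'
)
Import-Module ActiveDirectory

# Items the check requires for each trust (column names are assumptions).
$required = 'TrustType', 'OtherParty', 'MAC', 'Classification', 'Direction',
            'Transitivity', 'SelectiveAuthentication', 'SIDFiltering'

# Index the documentation rows by the other party's domain name.
$docs = @{}
Import-Csv -Path $DocPath | ForEach-Object {
    $docs["$($_.OtherParty)".Trim().ToLower()] = $_
}

# Intra-forest trusts are excluded: the check covers external, forest and realm trusts.
# (DisallowTransivity is the module's own spelling of that property.)
$actual = Get-ADTrust -Filter * | Where-Object { -not $_.IntraForest } |
    Select-Object Name, Direction, ForestTransitive, DisallowTransivity,
        SelectiveAuthentication, SIDFilteringQuarantined, SIDFilteringForestAware,
        @{ Name = 'Type'; Expression = {
            if ($_.TrustType -eq 'MIT') { 'realm' }
            elseif ($_.ForestTransitive) { 'forest' }
            else { 'external' } } }

# A Finding is raised for an undocumented trust or an undocumented required item.
$findings = foreach ($t in $actual) {
    $doc = $docs[$t.Name.ToLower()]
    if (-not $doc) {
        [pscustomobject]@{ Trust = $t.Name; Finding = 'Not listed in the documentation' }
        continue
    }
    $missing = @($required | Where-Object { [string]::IsNullOrWhiteSpace($doc.$_) })
    if ($missing.Count -gt 0) {
        [pscustomobject]@{ Trust = $t.Name; Finding = "Not documented: $($missing -join ', ')" }
    }
}

$actual   | Format-Table -AutoSize          # retain for the subsequent checks
$findings | Format-Table -AutoSize -Wrap    # empty output means no Finding
```

The script lists the raw `ForestTransitive` and `DisallowTransivity` values rather than interpreting them, so the reviewer still records transitivity for each trust as the check describes.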

UNCLASSIFIED