
Security vulnerability reviews of the domain and/or forest in which the domain controller resides must be conducted at least annually.


Overview

Finding ID | Version | Rule ID | IA Controls | Severity
V-25841 | AD.9100 | SV-32180r1_rule | ECSC-1 | Low
Description
An AD domain controller is impacted by the AD environment created by the security configuration of the domain and forest in which the domain controller resides. A proper review of the AD environment requires checks at the domain controller, domain, and forest level. If the domain or forest-level checks are not performed at the same time or within a reasonable time frame, the domain controller may be at risk from non-secure settings at those levels.
STIG Date
Active Directory Domain Security Technical Implementation Guide (STIG) 2011-05-12

Details

Check Text (C-32377r1_chk)
1. Verify that the domain and forest in which the domain controller resides have been reviewed using the requirements in the appropriate document in the Active Directory STIG.

2. The security assessment must be conducted at the same time or no more than 1 year prior to the review of the domain controller.

3. VMS asset information, dated reports, or other documentation can be used to provide verification.

4. If it is not possible to verify that the domain and forest have been reviewed, then this is a finding.
Fix Text (F-28704r1_fix)
Perform reviews of the domain and/or forest in which the domain controller resides at least annually.