Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25385 | DS00.0160_AD | SV-31547r1_rule | CODB-1 CODB-2 CODB-3 | Medium |
Description |
---|
Failure to maintain a current backup of directory data could make it difficult or impossible to recover from incidents including hardware failure or malicious corruption. A failure to recover from the loss of directory data used in identification and authentication services (i.e., Active Directory) could result in an extended loss of availability. |
STIG | Date |
---|---|
Active Directory Domain Security Technical Implementation Guide (STIG) | 2014-04-01 |
Check Text (C-31812r1_chk) |
---|
1. Interview the IAO. 2. Obtain a copy of the site’s SOP for backups. 3. Check the SOP for the frequency at which directory data is backed up. Alternatively, physically verify that backups are being performed. 4. If the directory data for a MAC III system is not backed up at least weekly, then this is a finding. 5. If the directory data for a MAC I or II system is not backed up at least daily, then this is a finding. |
Fix Text (F-28483r1_fix) |
---|
1. Change local site procedures to include a complete backup of directory data in compliance with the following frequency: a. MAC I or II system - back up the directory data at least daily. b. MAC III systems - back up the directory data at least weekly. 2. Change local site procedures to use a backup tool that is appropriate for the directory technology. 3. Ensure that the type of backup is appropriate to capturing the directory data. For AD domain controllers, this must include a System State data backup. |