UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Active Directory implementation information must be added to the organization contingency plan where the Risk Management Framework categorization for Availability is moderate or high.


Overview

Finding ID Version Rule ID IA Controls Severity
V-8525 DS00.6120_AD SV-30995r4_rule CODP-1 CODP-2 CODP-3 COEF-1 COEF-2 Low
Description
When an incident occurs that requires multiple Active Directory (AD) domain controllers to be rebuilt, it is critical to understand the AD hierarchy and replication flow so that the correct recovery sequence and configuration values can be selected. Without appropriate AD forest, tree and domain structural documentation, it may be impossible or very time consuming to reconstruct the original configuration.
STIG Date
Active Directory Domain Security Technical Implementation Guide (STIG) 2016-02-19

Details

Check Text ( C-66395r2_chk )
Determine the Availability categorization information for the domain.
If the Availability categorization of the domain is low, this is NA.
If the Availability categorization of the domain is moderate or high, verify the organization's disaster recovery plans includes documentation on the AD hierarchy (forest, tree and domain structure).
(A chart showing forest hierarchy and domain names is the minimum suggested.)

If the disaster recovery plans do not include directory hierarchy information, this is a finding.
Fix Text (F-71783r1_fix)
Update the disaster recovery plans to include the AD hierarchy structure for domains with an Availability categorization of moderate or high.