Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25841 | AD.9100 | SV-32180r2_rule | ECSC-1 | Low |
Description |
---|
An AD domain controller is impacted by the AD environment created by the security configuration of the domain and forest in which the domain controller resides. A proper review of the AD environment requires checks at the domain controller, domain, and forest level. If the domain or forest-level checks are not performed at the same time or within a reasonable time frame, the domain controller may be at risk from non-secure settings at those levels. |
STIG | Date |
---|---|
Active Directory Domain Security Technical Implementation Guide (STIG) | 2017-12-15 |
Check Text ( C-32377r1_chk ) |
---|
1. Verify that the domain and forest in which the domain controller resides have been reviewed using the requirements in the appropriate document in the Active Directory STIG. 2. The security assessment must be conducted at the same time or no more than 1 year prior to the review of the domain controller. 3. VMS asset information, dated reports, or other documentation can be used to provide verification. 4. If it is not possible to verify that the domain and forest have been reviewed, then this is a finding. |
Fix Text (F-28704r1_fix) |
---|
Perform reviews of the domain and/or forest in which the domain controller resides at least annually. |