Active Directory Forest Security Technical Implementation Guide (STIG)


| Date | Finding Count (4) |
|---|---|
| 2013-03-12 | CAT I (High): 1, CAT II (Med): 2, CAT III (Low): 1 |

STIG Description
This STIG is applicable for all Windows servers if a forest architecture is implemented for the Active Directory (AD). The settings required by each check will be applied to each Forest as a whole. This STIG does not apply if a forest is not implemented. The system must also be hardened using the Windows 2003 (or 2003 R2) or Windows 2008 (or 2008 R2) STIG. The system must also be reviewed using the applicable Windows and AD Service STIG, depending on the Windows version installed on the server. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Findings (MAC III - Administrative Sensitive)

| Finding ID | Severity | Title |
|---|---|---|
| V-15372 | High | Update access to the directory schema must be restricted to appropriate accounts. |
| V-8557 | Medium | The Windows Time Service on the forest root PDC Emulator must be configured to acquire its time from an external time source. |
| V-8555 | Medium | Anonymous Access to AD forest data above the rootDSE level must be disabled. |
| V-8527 | Low | Changes to the AD schema must be subject to a documented configuration management process. |