
Active Directory Forest Security Technical Implementation Guide (STIG)


Overview

Date: 2018-05-30
Finding Count (5): CAT I (High): 1, CAT II (Med): 3, CAT III (Low): 1
STIG Description
This STIG provides focused security requirements for the AD or Active Directory Domain Services (AD DS) element for Windows Server operating systems. These requirements apply to the forest and can typically be reviewed once per AD Forest. The separate Active Directory Domain STIG contains domain-level requirements. Systems must also be reviewed using the applicable Windows STIG. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Findings (MAC II - Mission Support Classified)

| Finding ID | Severity | Title |
|---|---|---|
| V-15372 | High | Update access to the directory schema must be restricted to appropriate accounts. |
| V-8557 | Medium | The Windows Time Service on the forest root PDC Emulator must be configured to acquire its time from an external time source. |
| V-8555 | Medium | Anonymous Access to AD forest data above the rootDSE level must be disabled. |
| V-72835 | Medium | Membership to the Schema Admins group must be limited. |
| V-8527 | Low | Changes to the AD schema must be subject to a documented configuration management process. |