UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Locally written (non-vendor) code used in AD operations must comply with the requirements of the Application STIG.


Overview

Finding ID Version Rule ID IA Controls Severity
V-14789 DS00.6110_AD SV-16167r2_rule COSW-1 Medium
Description
Unlike vendor programs that might be recovered by purchasing and\or downloading a replacement copy, the lack of a backup for locally written (non-vendor) code could result in the inability to recover from inadvertent or malicious deletion or simple hardware failure.
STIG Date
Active Directory Service 2003 Security Technical Implementation Guide (STIG) 2011-05-20

Details

Check Text ( C-14084r2_chk )
1. Interview the application SA or site representative. Ask if the site uses locally written applications that are running on the domain controllers.

2. If the site indicates AD directory maintenance does not use non-vendor code, then this check is not applicable.

3. If AD directory maintenance does use non-vendor code, obtain a copy of the security review results or other documentation which indicates that the review was completed. A self-assessment using the Application STIG is acceptable.

4. If the non-vendor code has not been reviewed using the Application STIG since it was created or modified, then this is a finding.
Fix Text (F-14999r2_fix)
Perform a security review using the Application STIG.