From Windows PAW Security Technical Implementation Guide
Part of PAW-00-000600
Associated with: CCI-000366
Note: The Microsoft Tier 0-2 AD administrative tier model (https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#ADATM_BM) is an example.
Verify the site has assigned each high-value IT resource to an administrative tier level by reviewing the site's list of high-value IT resources. In Active Directory verify each high-value IT resource has been assigned to the Organizational Unit (OU) corresponding to the administrative tier the resource is assigned to. If the site has not assigned an administrative tier level to each high-value IT resource or any high-value IT resource is not assigned to the appropriate OU in Active Directory, this is a finding.
Set up an administrative tier model for the domain (for example, the Microsoft-recommended Tier 0-2 AD administrative tier model). (Details of the Tier model are found at https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#ADATM_BM.) Using the list of site designated high-value IT resources (see check WPAW-00-000200), indicate on the list the administrative Tier level the resource is assigned to. (Note: The updated list will be used in check WPAW-00-000400.) In Active Directory, assign all high-value IT resources to the appropriate Organizational Units (for example): - Admin\Tier 0\Devices - Admin\Tier 1\Devices - Admin\Tier 2\Devices
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer