Security vulnerability reviews of the domain and/or forest in which the domain controller resides must be conducted at least annually.

From Active Directory Domain Security Technical Implementation Guide (STIG)

Part of Review of Hosting Domain and Forest

Associated with IA controls: ECSC-1

Associated with: CCI-000366

SV-32180r2_rule Security vulnerability reviews of the domain and/or forest in which the domain controller resides must be conducted at least annually.

Vulnerability discussion

An AD domain controller is impacted by the AD environment created by the security configuration of the domain and forest in which the domain controller resides. A proper review of the AD environment requires checks at the domain controller, domain, and forest level. If the domain or forest-level checks are not performed at the same time or within a reasonable time frame, the domain controller may be at risk from non-secure settings at those levels.

Check content

1. Verify that the domain and forest in which the domain controller resides have been reviewed using the requirements in the appropriate document in the Active Directory STIG.
2. The security assessment must be conducted at the same time or no more than 1 year prior to the review of the domain controller.
3. VMS asset information, dated reports, or other documentation can be used to provide verification.
4. If it is not possible to verify that the domain and forest have been reviewed, then this is a finding.

Fix text

Perform reviews of the domain and/or forest in which the domain controller resides at least annually.
