STIGQter STIGQter: STIG Summary: Active Directory Domain Security Technical Implementation Guide (STIG) Version: 2 Release: 13 Benchmark Date: 26 Apr 2019:

Active Directory must be supported by multiple domain controllers where the Risk Management Framework categorization for Availability is moderate or high.

DISA Rule

SV-30996r3_rule

Vulnerability Number

V-8524

Group Title

Directory Service Availability

Rule Version

DS00.6140_AD

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement multiple domain controllers in domains with an Availability categorization of moderate or high.

Check Contents

Determine the Availability categorization information for the domain.
If the Availability categorization of the domain is low, this is NA.
If the Availability categorization of the domain is moderate or high, verify the domain is supported by more than one domain controller.
Start "Active Directory Users and Computers" (Available from various menus or run "dsa.msc").
Expand the left pane item that matches the domain being reviewed.
Select the Domain Controllers Organizational Unit (OU) in the left pane.

If there is only one domain controller in the OU, this is a finding.

Vulnerability Number

V-8524

Documentable

False

Rule Version

DS00.6140_AD

Severity Override Guidance

Determine the Availability categorization information for the domain.
If the Availability categorization of the domain is low, this is NA.
If the Availability categorization of the domain is moderate or high, verify the domain is supported by more than one domain controller.
Start "Active Directory Users and Computers" (Available from various menus or run "dsa.msc").
Expand the left pane item that matches the domain being reviewed.
Select the Domain Controllers Organizational Unit (OU) in the left pane.

If there is only one domain controller in the OU, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

870

Comments