STIGQter: STIG Summary: Active Directory Forest Security Technical Implementation Guide (STIG) Version: 2 Release: 8 Benchmark Date: 27 Jul 2018

Changes to the AD schema must be subject to a documented configuration management process.

DISA Rule

SV-30998r3_rule

Vulnerability Number

V-8527

Group Title

Schema Change Configuration Management

Rule Version

DS00.0100_AD

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Document and implement a policy to ensure that changes to the AD schema are subject to a configuration management process.

Check Contents

1. Interview the IAO.

2. Obtain a copy of the site’s configuration management procedures documentation.

3. Verify that there is a local policy that requires changes to the directory schema to be processed through a configuration management process. This applies to directory schema changes whether implemented in a database or other types of files. For AD, this refers to changes to the AD schema.

4. If there is no policy that requires changes to the directory schema to be processed through a configuration management process, then this is a finding.

Documentable

False

Severity Override Guidance

1. Interview the IAO.

2. Obtain a copy of the site’s configuration management procedures documentation.

3. Verify that there is a local policy that requires changes to the directory schema to be processed through a configuration management process. This applies to directory schema changes whether implemented in a database or other types of files. For AD, this refers to changes to the AD schema.

4. If there is no policy that requires changes to the directory schema to be processed through a configuration management process, then this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Manager

Target Key

871

Comments