STIGQter: STIG Summary: Active Directory Domain Security Technical Implementation Guide (STIG) Version: 2 Release: 13 Benchmark Date: 26 Apr 2019:

Access to need-to-know information must be restricted to an authorized community of interest.

DISA Rule

SV-9030r2_rule

Vulnerability Number

V-8533

Group Title

Trusts - document need

Rule Version

AD.0170

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Delete the unneeded trust relationship or document the access requirement or mission need for the trust.

Check Contents

1. Before performing this check, perform V-8530 which validates the trusts within the documentation are current within AD.

2. Obtain documentation of the site's approved trusts from the site representative.

3. For each of the identified trusts, verify that the documentation includes a justification or explanation of the need-to-know basis of the trust.

4. If the need for the trust is not documented, then this is a finding.

Vulnerability Number

V-8533

Documentable

False

Rule Version

AD.0170

Severity Override Guidance

1. Before performing this check, perform V-8530 which validates the trusts within the documentation are current within AD.

2. Obtain documentation of the site's approved trusts from the site representative.

3. For each of the identified trusts, verify that the documentation includes a justification or explanation of the need-to-know basis of the trust.

4. If the need for the trust is not documented, then this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

870

Comments