STIGQter: STIG Summary: Active Directory Domain Security Technical Implementation Guide (STIG) Version: 2 Release: 13 Benchmark Date: 26 Apr 2019

Interconnections between DoD directory services of different classification levels must use a cross-domain solution that is approved for use with inter-classification trusts.

DISA Rule

SV-9031r2_rule

Vulnerability Number

V-8534

Group Title

Trust - Classification Levels

Rule Version

AD.0180

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Delete the trust relationship that is defined between entities with resources at different DoD classification levels.

Check Contents

1. Refer to the list of identified trusts and the trust documentation provided by the site representative. (Obtained in V-8530)

2. For each of the identified trusts between DoD organizations, compare the classification level (unclassified, confidential, secret, and top secret) of the domain being reviewed with the classification level of the other trust party as noted in the documentation.

3. If the classification level of the domain being reviewed is different than the classification level of any of the entities for which a trust relationship is defined, then this is a finding.

Documentable

False

Severity Override Guidance

1. Refer to the list of identified trusts and the trust documentation provided by the site representative. (Obtained in V-8530)

2. For each of the identified trusts between DoD organizations, compare the classification level (unclassified, confidential, secret, and top secret) of the domain being reviewed with the classification level of the other trust party as noted in the documentation.

3. If the classification level of the domain being reviewed is different than the classification level of any of the entities for which a trust relationship is defined, then this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

870

Comments