
Active Directory Domain Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Accounts from outside directories that are not part of the same organization or are not subject to the same security policies must be removed from all highly privileged groups.

    <VulnDiscussion>Membership in certain default directory groups assigns a high privilege level for access to the directory. In AD, membership ...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Inter-site replication must be enabled and configured to occur at least daily.

    <VulnDiscussion>Timely replication makes certain that directory service data is consistent across all servers that support the same scope of ...
    Rule Medium Severity
  • SRG-OS-000032

    <GroupDescription></GroupDescription>
    Group
  • If a VPN is used in the AD implementation, the traffic must be inspected by the network Intrusion detection system (IDS).

    <VulnDiscussion>To provide data confidentiality, a VPN is configured to encrypt the data being transported. While this protects the data, som...
    Rule Medium Severity
