Active Directory Domain Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Access to need-to-know information must be restricted to an authorized community of interest.

    <VulnDiscussion>Because trust relationships effectively eliminate a level of authentication in the trusting domain or forest, they represent ...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Interconnections between DoD directory services of different classification levels must use a cross-domain solution that is approved for use with inter-classification trusts.

    <VulnDiscussion>If a robust cross-domain solution is not used, then it could permit unauthorized access to classified data. To support secure...
    Rule High Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Each cross-directory authentication configuration must be documented.

    <VulnDiscussion>Active Directory (AD) external, forest, and realm trust configurations are designed to extend resource access to a wider rang...
    Rule Low Severity
  • A controlled interface must have interconnections among DoD information systems operating between DoD and non-DoD systems or networks.

    <VulnDiscussion>The configuration of an AD trust relationship is one of the steps used to allow users in one domain to access resources in an...
    Rule High Severity
  • SRG-OS-000104

    <GroupDescription></GroupDescription>
    Group
  • Security identifiers (SIDs) must be configured to use only authentication data of directly trusted external or forest trust.

    <VulnDiscussion>Under some circumstances it is possible for attackers or rogue administrators that have compromised a domain controller in a ...
    Rule Medium Severity
  • SRG-OS-000080

    <GroupDescription></GroupDescription>
    Group
  • Selective Authentication must be enabled on outgoing forest trusts.

    <VulnDiscussion>Enabling Selective Authentication on outbound Active Directory (AD) forest trusts significantly strengthens access control by...
    Rule Medium Severity