Each cross-directory authentication configuration must be documented.

An XCCDF Rule

Description

<VulnDiscussion>Active Directory (AD) external, forest, and realm trust configurations are designed to extend resource access to a wider range of users (those in other directories). If specific baseline documentation of authorized AD external, forest, and realm trust configurations is not maintained, it is impossible to determine if the configurations are consistent with the intended security policy.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-243494r959010_rule
Severity: Low
References: CCI-000366
Updated: 17 days ago

Develop documentation for each AD external, forest, and realm trust configuration. At a minimum this must include:
Type (external, forest, or realm)
Name of the other party
Confidentiality, Availability, and Integrity categorization
Classification level of the other party
Trust direction (inbound and/or outbound)Transitivity
Status of the Selective Authentication option
Status of the SID filtering option

Each cross-directory authentication configuration must be documented.

Description

Remediation - Manual Procedure