Changes to the AD schema must be subject to a documented configuration management process.
An XCCDF Rule
Description
Poorly planned or implemented changes to the AD schema could cause the applications that rely on AD (such as web and database servers) to operate incorrectly or not at all. Improper changes to the schema could result in changes to AD objects that are incompatible with correct operation of the Windows domain controller and the domain clients. This could cause outages that prevent users from logging on or accessing Windows server resources across multiple hosts.

Documentable: false
Responsibility: Information Assurance Officer, Information Assurance Manager
IA Controls: DCPR-1
- ID: SV-30998r3_rule
- Severity: Low
- References
- Updated
Remediation - Manual Procedure
Document and implement a policy to ensure that changes to the AD schema are subject to a configuration management process.