
III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • Separate domain accounts must be used to manage public facing servers from any domain accounts used to manage internal servers.

    <VulnDiscussion>Public facing servers should be in DMZs with separate Active Directory forests. If, because of operational necessity, this i...
    Rule Medium Severity
  • SRG-OS-000076

    <GroupDescription></GroupDescription>
    Group
  • Windows service \ application accounts with administrative privileges and manually managed passwords, must have passwords changed at least every 60 days.

    <VulnDiscussion>NT hashes of passwords for accounts that are not changed regularly are susceptible to reuse by attackers using Pass-the-Hash....
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Domain controllers must be blocked from Internet access.

    <VulnDiscussion>Domain controllers provide access to highly privileged areas of a domain. Such systems with Internet access may be exposed ...
    Rule Medium Severity
