I - Mission Critical Public

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000480 (Group)
    Rule: Systems must be monitored for remote desktop logons.
    Severity: Medium

    Remote Desktop activity for administration should be limited to specific administrators, and from limited management workstations. Monitoring for any Remote Desktop logins outside of expected acti...

  • SRG-OS-000480 (Group)
    Rule: Active Directory data must be backed up daily for systems with a Risk Management Framework categorization for Availability of moderate or high. Systems with a categorization of low must be backed up weekly.
    Severity: Medium

    Failure to maintain a current backup of directory data could make it difficult or impossible to recover from incidents including hardware failure or malicious corruption. A failure to recover from...

  • SRG-OS-000480 (Group)
    Rule: Each cross-directory authentication configuration must be documented.
    Severity: Low

    Active Directory (AD) external, forest, and realm trust configurations are designed to extend resource access to a wider range of users (those in other directories). If specific baseline documenta...

  • SRG-OS-000423 (Group)
    Rule: A VPN must be used to protect directory network traffic for directory service implementation spanning enclave boundaries.
    Severity: Medium

    The normal operation of AD requires the use of IP network ports and protocols to support queries, replication, user authentication, and resource authorization services. At a minimum, LDAP or LDAPS ...

  • SRG-OS-000480 (Group)
    Rule: Accounts from outside directories that are not part of the same organization or are not subject to the same security policies must be removed from all highly privileged groups.
    Severity: Medium

    Membership in certain default directory groups assigns a high privilege level for access to the directory. In AD, membership in the following groups enables high privileges relative to AD and the W...

  • SRG-OS-000480 (Group)
    Rule: Inter-site replication must be enabled and configured to occur at least daily.
    Severity: Medium

    Timely replication makes certain that directory service data is consistent across all servers that support the same scope of data for their clients. In AD implementation using AD Sites, domain cont...

  • SRG-OS-000032 (Group)
    Rule: If a VPN is used in the AD implementation, the traffic must be inspected by the network Intrusion detection system (IDS).
    Severity: Medium

    To provide data confidentiality, a VPN is configured to encrypt the data being transported. While this protects the data, some implementations do not allow that data to be processed through an intr...

  • SRG-OS-000480 (Group)
    Rule: Active Directory implementation information must be added to the organization contingency plan where the Risk Management Framework categorization for Availability is moderate or high.
    Severity: Low

    When an incident occurs that requires multiple Active Directory (AD) domain controllers to be rebuilt, it is critical to understand the AD hierarchy and replication flow so that the correct recover...

  • SRG-OS-000480 (Group)
    Rule: Active Directory must be supported by multiple domain controllers where the Risk Management Framework categorization for Availability is moderate or high.
    Severity: Medium

    In Active Directory (AD) architecture, multiple domain controllers provide availability through redundancy. If an AD domain or servers within it have an Availability categorization of medium or hi...

  • SRG-OS-000480 (Group)
    Rule: The impact of CPCON changes on the cross-directory authentication configuration must be considered and procedures documented.
    Severity: Low

    When incidents occur that require a change in the Cyber Protection Conditions (CPCON) with the release of USSCI 5200-13 status, it may be necessary to take action to restrict or disable certain typ...

  • SRG-OS-000480 (Group)
    Rule: Windows Server domain controllers must have Kerberos logging enabled with servers hosting Active Directory Certificate Services (AD CS).
    Severity: Medium

    Although Kerberos logging can be used for troubleshooting, it can also provide security information for successful and failed login attempts. If a malicious actor uses a forged or unauthorized cert...
