Active Directory Security Technical Implementation Guide Version 1, Release 1
|
Name |
Active Directory Security Technical Implementation Guide Version 1, Release 1
|
|
Version |
Version 1, Release 1 |
|
Status |
Final
|
| Creation Date |
March 10, 2006
|
| Revision Date |
Unknown |
| Product Category |
Directory Services
|
| Vendor |
Microsoft Corporation |
| Product |
Microsoft Active Directory
|
| Product Version |
Microsoft Windows 2000 Active Directory, Microsoft Windows 2003 Active Directory |
| Product Role |
Directory Server
|
|
Checklist Summary |
This Active Directory (AD) Security Technical Implementation Guide (STIG) provides security configuration guidance for the implementation of Active Directory on Microsoft Windows servers deployed within the Department of Defense (DOD). This STIG also provides general guidance for AD maintenance and synchronization products that might be used in conjunction with AD. This document describes security requirements to be applied to implementations of AD in DOD environments. Application of the requirements is intended to provide a certain level of assurance. Individual sites must determine the level of assurance that is appropriate to their environment and mission. This document provides specific security guidance for AD as implemented on computers running the Windows 2000 Server or Windows Server 2003 operating systems. General guidance is provided for products or locally developed solutions that perform AD maintenance and synchronization functions.
|
| Known Issues |
Not available
|
| Target Audience |
The information is designed to assist Security Managers, Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with the implementation of more secure AD configurations.
|
| Target Operational Environment |
Enterprise
|
| Checklist Installation Tools |
Not available
|
| Rollback Capability |
Not available
|
| Testing Information |
Not available
|
| NIAP/CMVP Status |
Not available
|
| Regulatory Compliance |
Not available
|
Comments, Warnings, Disclaimer, Miscellaneous
|
The requirements are based on the versions of Microsoft Windows 2000 Server and Windows Server 2003 with the current service packs and security fixes at the time this document was written. Specifically, changes introduced with Windows Server 2003 Release 2 are not reflected. As with the implementation of all security configuration guidance, DOD Components should test configuration settings to ensure that their specific environment is not impacted in unintended ways. |
| Disclaimer |
Not available
|
| Product Support |
FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers.
|
| Submitting Organization/Authors |
Defense Information Systems Agency
|
| Point of Contact |
Not available
|
| Sponsor |
Not available
|
| Licensing |
Not available
|
| Checklist Homepage |
http://iase.disa.mil/stigs/ |
| Download Package |
http://iase.disa.mil/stigs/stig/active-directory-stig-v1r1.pdf |
| Integrity |
sha1 (active-directory-stig-v1r1.pdf) = 7922a8bcbce6b7ace54b6e648d27c5694a908c76
sha256 (active-directory-stig-v1r1.pdf) = 48d523850a3d5a812e12e0eb7d1ac460699536e08eebf50509095838537e504a
|
| Change History |
Not available |
| Dependency/Requirement |
Windows 2003/XP/2003 Addendum, Active Directory User Object Attributes Specification, the DOD Active Directory Concept of Operations, DOD Instruction 8551.1, Ports, Protocols, and Services Management (PPSM), and the technical bulletins that are published by the Joint Task Force - Global Network Operations (JTF-GNO). |
| References |
Department of Defense Directive 8500.1, “Information Assurance (IA),” 24 October 2002.
Department of Defense Instruction 8500.2, “Information Assurance (IA) Implementation,” 6 February 2003.
Department of Defense Instruction 8520.2, “Public Key Infrastructure (PKI) and Public Key (PK) Enabling,” April 1, 2004.
Department of Defense Instruction 8551.1, “Ports, Protocols, and Services Management (PPSM),” 13 August 2004.
Department of Defense Memorandum, “Open Source Software (OSS) in the Department of Defense (DOD),” 28 May 2003.
Department of Defense, “Department of Defense Active Directory Concept of Operations,” Final Coordinating Draft, Rev 1.1, 24 June 2005.
Department of Defense, “Active Directory User Object Attributes Specification,” Version 1.0, April 2005.
Defense Information Systems Agency (DISA), “Database Security Technical Implementation Guide.”
Defense Information Systems Agency (DISA), “Domain Name System Security Technical Implementation Guide.” |
| NIST Identifier |
<NIST will complete this field> |
NIST and the checklist submitter do not guarantee or warrant the checklist's
accuracy or completeness. NIST is not responsible for loss, damage, or
problems that may be caused by using the checklist.
|