CUI

Scan: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_ADDomain_V3R5_20251023-171837.ckl

Scan Information

Hull Number: T-ESD-1
Scan Date: 2026-01-14
Source File: MONT-DC-003 ADDomain 20251023-171837
Source Tool: Evaluate-STIG
Imported: 2026-01-14 17:57
STIG Benchmark: Active Directory Domain Security Technical Implementation Guide
Version: V3R7
Score: 68.6%
Total: 36
Open: 11

OCA Technology Area


Hostname: MONT-DC-003
STIG Benchmark: Active Directory Domain Security Technical Implementation Guide
Current Area: Domain Name System

STIG Rule Mapping

Mapped to STIG: 36
Unmapped: 0
Total Findings: 36
All findings mapped to STIG rules.

Checklist Scoring

Severity  Not a Finding  Not Applicable  Open  Not Reviewed  Total
CAT I     0              2               3     0             5
CAT II    12             6               8     1             27
CAT III   1              3               0     0             4
Total     13             11              11    1             36

Vuln IDs (36)

V-243466 Membership to the Enterprise Admins group must be ...
V-243467 Membership to the Domain Admins group must be rest...
V-243468 Administrators must have separate accounts specifi...
V-243469 Administrators must have separate accounts specifi...
V-243470 Delegation of privileged accounts must be prohibit...
V-243471 Local administrator accounts on domain systems mus...
V-243472 Separate smart cards must be used for Enterprise A...
V-243473 Separate domain accounts must be used to manage pu...
V-243475 Domain controllers must be blocked from Internet a...
V-243476 All accounts, privileged and unprivileged, that re...
V-243477 User accounts with domain level administrative pri...
V-243478 Domain-joined systems (excluding domain controller...
V-243479 The Directory Service Restore Mode (DSRM) password...
V-243480 The domain functional level must be at a Windows S...
V-243481 Access to need-to-know information must be restric...
V-243482 Interconnections between DoD directory services of...
V-243483 A controlled interface must have interconnections ...
V-243484 Security identifiers (SIDs) must be configured to ...
V-243485 Selective Authentication must be enabled on outgoi...
V-243486 The Anonymous Logon and Everyone groups must not b...
V-243487 Membership in the Group Policy Creator Owners and ...
V-243488 User accounts with delegated authority must be rem...
V-243489 Read-only Domain Controller (RODC) architecture an...
V-243490 Usage of administrative accounts must be monitored...
V-243491 Systems must be monitored for attempts to use loca...
V-243492 Systems must be monitored for remote desktop logon...
V-243493 Active Directory data must be backed up daily for ...
V-243494 Each cross-directory authentication configuration ...
V-243495 A VPN must be used to protect directory network tr...
V-243496 Accounts from outside directories that are not par...
V-243497 Inter-site replication must be enabled and configu...
V-243498 If a VPN is used in the AD implementation, the tra...
V-243499 Active Directory implementation information must b...
V-243500 Active Directory must be supported by multiple dom...
V-243501 The impact of CPCON changes on the cross-directory...
V-269097 Windows Server domain controllers must have Kerber...
