| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-ActiveDirectoryDomain_Checks) was unable to determine a Status but found the below configuration on 10/23/2025:

```
ResultHash: FC9B7A301E5B2EB58970D10864AFD58C1C7460A2
~~~~~
No Users are in the 'Incoming Forest Trust Builders' Group

Members of 'Group Policy Creator Owners'
=========================
Name: MONTFORD-POINT\SHB_Admin
objectClass: user
objectSID: S-1-5-21-1360995287-4027491577-3040029667-500
DistinguishedName: CN=SHB_Admin,CN=Users,DC=MONTFORD-POINT,DC=navy,DC=mil
```

Check Text
Start "Active Directory Users and Computers" (available from various menus or run "dsa.msc").

Review the membership of the "Incoming Forest Trust Builders" group. Navigate to the "Built-in" container. Right-click on "Incoming Forest Trust Builders", select "Properties" and then the "Members" tab. If any accounts are not documented as necessary with the ISSO, this is a finding.

Review the membership of the "Group Policy Creator Owners" group. Navigate to the "Users" container. Right-click on "Group Policy Creator Owners", select "Properties" and then the "Members" tab. If any accounts are not documented as necessary with the ISSO, this is a finding.

It is possible to move some system-defined groups from their default locations. If a group is not in the location noted, review other containers to locate it.
Fix Text
Document membership of the Group Policy Creator Owners and Incoming Forest Trust Builders groups. Remove any accounts that do not require the privileges these groups assign.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-ActiveDirectoryForest_Checks) was unable to determine a Status but found the below configuration on 10/23/2025:

```
ResultHash: 909250FAC5A80BC1161A07D6B15B371F54411F1B
~~~~~
=========================
Name: MONTFORD-POINT\SHB_Admin
objectClass: user
objectSID: S-1-5-21-1360995287-4027491577-3040029667-500
DistinguishedName: CN=SHB_Admin,CN=Users,DC=MONTFORD-POINT,DC=navy,DC=mil

Name: MONTFORD-POINT\d.admin
objectClass: user
objectSID: S-1-5-21-1360995287-4027491577-3040029667-1104
DistinguishedName: CN=D.Admin,OU=USERS,OU=MONTFORD-POINT SUPPORT,DC=MONTFORD-POINT,DC=navy,DC=mil

Name: MONTFORD-POINT\montford.exchange
objectClass: user
objectSID: S-1-5-21-1360995287-4027491577-3040029667-1118
DistinguishedName: CN=Exchange Admin,OU=USERS,OU=MONTFORD-POINT SUPPORT,DC=MONTFORD-POINT,DC=navy,DC=mil

Name: MONTFORD-POINT\MONTFORD-POINT LAN Management
objectClass: group
objectSID: S-1-5-21-1360995287-4027491577-3040029667-1193
DistinguishedName: CN=MONTFORD-POINT LAN Management,OU=GROUPS,OU=MONTFORD-POINT SUPPORT,DC=MONTFORD-POINT,DC=navy,DC=mil

Name: MONTFORD-POINT\MONTFORD-POINT Techs
objectClass: group
objectSID: S-1-5-21-1360995287-4027491577-3040029667-1194
DistinguishedName: CN=MONTFORD-POINT Techs,OU=GROUPS,OU=MONTFORD-POINT SUPPORT,DC=MONTFORD-POINT,DC=navy,DC=mil
```

Check Text
Open "Active Directory Users and Computers" on a domain controller in the forest root domain. Navigate to the "Users" container. Right-click on "Schema Admins" and select "Properties", and then select the "Members" tab. If any accounts other than the built-in Administrators group are members, verify their necessity with the ISSO. If any accounts are members of the group when schema changes are not being made, this is a finding.
Fix Text
Limit membership in the Schema Admins group to only those accounts necessary during a schema update. Remove accounts when the updates are complete. Document accounts necessary during schema updates with the ISSO.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-ActiveDirectoryForest_Checks) found this to be OPEN on 10/23/2025

```
ResultHash: 88A87293C2622EEB484E11DDD7762929A04734DC
~~~~~
DomainRole: Primary Domain Controller

NtpClient (Local)
Type: NT5DS (Policy) [expected 'NTP']
```

Check Text
This applies to the domain controller with the PDC Emulator role in the forest root domain; it is NA for other domain controllers in the forest.

Determine the domain controller with the PDC Emulator role in the forest root domain:

Windows 2016 or later: Open "Windows PowerShell". Enter "Get-ADDomain -Identity [Forest Root Domain] | FT PDCEmulator", where [Forest Root Domain] is the forest root domain name, such as "example.mil". (This can also be entered without the -Identity parameter if running within the forest root domain.)

Windows 2016: Open "Active Directory Users and Computers" from a domain controller in or connected to the forest root (available from various menus or run "dsa.msc"). Select "Action" in the menu, then All Tasks >> Operations Masters. Select the "PDC" tab.

On the system with the PDC Emulator role, open "Windows PowerShell" or an elevated "Command Prompt" (run as administrator). Enter "W32tm /query /configuration".

Under the "NtpClient" section:
If the value for "Type" is not "NTP", this is a finding.
If the value for "NtpServer" is not an external DOD time source, this is a finding.

If an alternate time synchronization tool is used and is not enabled or not configured to synchronize with an external DOD time source, this is a finding.

The US Naval Observatory operates stratum 1 time servers, identified at https://www.cnmoc.usff.navy.mil/Our-Commands/United-States-Naval-Observatory/Precise-Time-Department/Network-Time-Protocol-NTP/. Time synchronization will occur through a hierarchy of time servers down to the local level. Clients and lower-level servers will synchronize with an authorized time server in the hierarchy.
Fix Text
Configure the forest root PDC Emulator to acquire its time from an external time source. The Windows Time Service can be configured by setting the policy value for Computer Configuration >> Administrative Templates >> System >> Windows Time Service >> Time Providers >> "Configure Windows NTP Client" to "Enabled", and configuring the "NtpServer" field to point to an authorized time server.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-WS-92010 | 164.231.187.45 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-AdobeAcrobatProDCContinuous_Checks) found this to be OPEN on 10/23/2025

```
Username: MONTFORD-POINT\D.Admin
UserSID: S-1-5-21-1360995287-4027491577-3040029667-1104
ResultHash: CED14FF37D80A240B5DBACCF38AA5ED7B6786B3C
~~~~~
'Enable FIPS' is NOT Enabled

Registry Path: HKCU:\Software\Adobe\Adobe Acrobat\DC\AVGeneral
Value Name: bFIPSMode
Value: 0x00000000 (0) [Expected 1]
Type: REG_DWORD
```

Check Text
Verify the following registry configuration:

Using the Registry Editor, navigate to the following:
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral
Value Name: bFIPSMode
Type: REG_DWORD
Value: 1

If the value for bFIPSMode is not set to “1” and Type is not configured to REG_DWORD or does not exist, this is a finding.

Admin Template path: User Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Enable FIPS' must be set to 'Enabled'.
Fix Text
Configure the following registry value:

Registry Hive: HKEY_CURRENT_USER
Registry Path: \Software\Adobe\Adobe Acrobat\DC\AVGeneral
Value Name: bFIPSMode
Type: REG_DWORD
Value: 1

Configure the policy value for User Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Enable FIPS' to 'Enabled'.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) found this to be OPEN on 10/23/2025

```
ResultHash: 5B46D5B8BFB09AAA7562E5B84BB05F605A0A79D3
~~~~~
Forwarders in use and root hints are NOT disabled.

RecursionEnable: True
UseRootHint: True [finding]

Forwarders:
---------------------------
164.231.70.121 : MNOCE-DC-01.ASHORE.MSC.NAVY.MIL
164.231.102.4 : MNOCW-DC-01.ASHORE.MSC.NAVY.MIL
```

Check Text
Note: If the Windows DNS Server is in the classified network, this check is not applicable. If forwarders are not being used, this is not applicable.

Note: In Windows DNS Server, if forwarders are configured, the recursion setting must also be enabled because disabling recursion will disable forwarders. If forwarders are not used, recursion must be disabled. In both cases, the use of root hints must be disabled.

Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, right-click on the server name for the DNS server and select "Properties". Click the "Forwarders" tab. Review the IP address(es) for the forwarder(s) in use.

If the DNS server does not forward to another DOD-managed DNS server or to the DOD ERS, this is a finding. If "Use root hints if no forwarders are available" is selected, this is a finding.
Fix Text
Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account. Press the Windows key + R and execute "dnsmgmt.msc". On the opened DNS Manager snap-in from the left pane, right-click on the server name for the DNS server and select "Properties". Click the "Forwarders" tab. Replace the forwarders being used with another DOD-managed DNS server or the DOD ERS. Deselect "Use root hints if no forwarders are available".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) was unable to determine a Status but found the below configuration on 10/23/2025:

```
ResultHash: F9204B7D69DAD3DA8658D90BB56D2DB12C1A647F
~~~~~
Configured root hints:
----------------------
NameServer: A.ROOT-SERVERS.NET.
IPv4Address: 198.41.0.4
IPv6Address: 2001:503:ba3e::2:30

NameServer: B.ROOT-SERVERS.NET.
IPv4Address: 192.228.79.201
IPv6Address: 2001:500:84::b

NameServer: C.ROOT-SERVERS.NET.
IPv4Address: 192.33.4.12
IPv6Address: 2001:500:2::c

NameServer: D.ROOT-SERVERS.NET.
IPv4Address: 199.7.91.13
IPv6Address: 2001:500:2d::d

NameServer: E.ROOT-SERVERS.NET.
IPv4Address: 192.203.230.10
IPv6Address:

NameServer: F.ROOT-SERVERS.NET.
IPv4Address: 192.5.5.241
IPv6Address: 2001:500:2f::f

NameServer: G.ROOT-SERVERS.NET.
IPv4Address: 192.112.36.4
IPv6Address:

NameServer: H.ROOT-SERVERS.NET.
IPv4Address: 198.97.190.53
IPv6Address: 2001:500:1::53

NameServer: I.ROOT-SERVERS.NET.
IPv4Address: 192.36.148.17
IPv6Address: 2001:7fe::53

NameServer: J.ROOT-SERVERS.NET.
IPv4Address: 192.58.128.30
IPv6Address: 2001:503:c27::2:30

NameServer: K.ROOT-SERVERS.NET.
IPv4Address: 193.0.14.129
IPv6Address: 2001:7fd::1

NameServer: L.ROOT-SERVERS.NET.
IPv4Address: 199.7.83.42
IPv6Address: 2001:500:9f::42

NameServer: M.ROOT-SERVERS.NET.
IPv4Address: 202.12.27.33
IPv6Address: 2001:dc3::35
```

Check Text
Note: If the Windows DNS Server is in the classified network, this check is not applicable. Log on to the authoritative DNS server using the Domain Admin or Enterprise Admin account. Press the Windows key + R and execute "dnsmgmt.msc". Right-click the DNS server and select "Properties". Select the "Root Hints" tab. Verify "Root Hints" is empty or only has entries for internal zones under "Name servers:". All internet root server entries must be removed. If "Root Hints" is not empty or entries on the "Root Hints" tab under "Name servers:" are external to the local network, this is a finding.
Fix Text
Log on to the authoritative DNS server using the Domain Admin or Enterprise Admin account. Press the Windows key + R and execute "dnsmgmt.msc". Right-click the DNS server and select "Properties". Select the "Root Hints" tab. Remove the root hints from the DNS Manager, the CACHE.DNS file, and from Active Directory for name servers outside the internal network. Replace the existing root hints with new root hints of internal servers. If the DNS server is forwarding, click to select the "Do not use recursion for this domain" check box on the "Forwarders" tab in DNS Manager to ensure the root hints will not be used.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) was unable to determine a Status but found the below configuration on 10/23/2025:

```
ResultHash: 7EC5A18BF9192AC333D4CC14D51C880FDD39A535
~~~~~
The following do not have appropriate permissions:

C:\ProgramData\Microsoft\Crypto\Keys\125a35bfeec08eb6cf92450e6fb55cd6_e6f0542d-9c29-4936-9687-87e94910a1b8
Principal: CREATOR OWNER
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\Keys\4f35ff067d87a24bf1990e568e5f967f_e6f0542d-9c29-4936-9687-87e94910a1b8
Principal: CREATOR OWNER
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\Keys\5aed67ae076fb2f5f53881c402ba0845_e6f0542d-9c29-4936-9687-87e94910a1b8
Principal: CREATOR OWNER
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\Keys\81994d8c11e3c9f13762296e22c36316_e6f0542d-9c29-4936-9687-87e94910a1b8
Principal: CREATOR OWNER
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\Keys\a4f113d03572f30f4cb27719b2babfc6_e6f0542d-9c29-4936-9687-87e94910a1b8
Principal: CREATOR OWNER
Access: FullControl
Compliant: False
------------------------------------------------------------------------
```

Check Text
Navigate to the following location: %ALLUSERSPROFILE%\Microsoft\Crypto\Keys

Note: If the folder above does not exist, this is not applicable.

Verify the permissions on the folder, subfolders, and files are limited to SYSTEM and Administrators FULL CONTROL.

In File Explorer: For each folder, subfolder, and file, view the Properties. Select the "Security" tab, and then click "Advanced".

Default permissions:
C:\ProgramData\Microsoft\Crypto\Keys
Type - "Allow" for all
Inherited from - "None" for all

| Principal | Access | Applies to |
|---|---|---|
| SYSTEM | Full control | This folder, subfolders and files |
| Administrators | Full control | This folder, subfolders and files |
| Everyone | Read | This folder, subfolders, and files |

Alternately, use icacls: Open a command prompt and enter "icacls" followed by the directory. For each folder, subfolder, and file, view the Properties.

"icacls %ALLUSERSPROFILE%\Microsoft\Crypto\Keys"

```
C:\ProgramData\microsoft\crypto\keys NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                     BUILTIN\Administrators:(OI)(CI)(F)
                                     Everyone:(OI)(CI)(R)

Successfully processed 1 files; Failed processing 0 files
```

If any other user or group has greater than READ privileges to the %ALLUSERSPROFILE%\Microsoft\Crypto\Keys folder, subfolders, and files, this is a finding.
Fix Text
Navigate to the following location: %ALLUSERSPROFILE%\Microsoft\Crypto\Keys Modify permissions on the keys folder, subfolders, and files to be limited to SYSTEM and Administrators FULL CONTROL, and to limit all other users/groups to READ. If additional permissions are needed, it must be documented and approved by the information system security officer (ISSO) or information system security manager (ISSM).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) was unable to determine a Status but found the below configuration on 10/23/2025:

```
ResultHash: EA9ADF8CB9E0266A589B46264A47E80FE235F3DD
~~~~~
The following do not have appropriate permissions:

C:\ProgramData\Microsoft\Crypto
Principal: BUILTIN\Users
Access: ReadAndExecute, Synchronize
Compliant: False

Principal: Everyone
Access: ReadAndExecute, Synchronize
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\DSS
Principal: BUILTIN\Users
Access: ReadAndExecute, Synchronize
Compliant: False

Principal: Everyone
Access: ReadAndExecute, Synchronize
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\OIDInfo
Principal: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES
Access: ReadAndExecute, Synchronize
Compliant: False

Principal: BUILTIN\Users
Access: ReadAndExecute, Synchronize
Compliant: False

Principal: Everyone
Access: ReadAndExecute, Synchronize
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\PCPKSP
Principal: BUILTIN\Users
Access: ReadAndExecute, Synchronize
Compliant: False

Principal: Everyone
Access: ReadAndExecute, Synchronize
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\RSA
Principal: BUILTIN\Users
Access: ReadAndExecute, Synchronize
Compliant: False

Principal: Everyone
Access: ReadAndExecute, Synchronize
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
Principal: Everyone
Access: Write, Read, Synchronize
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\Keys\125a35bfeec08eb6cf92450e6fb55cd6_e6f0542d-9c29-4936-9687-87e94910a1b8
Principal: CREATOR OWNER
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\Keys\4f35ff067d87a24bf1990e568e5f967f_e6f0542d-9c29-4936-9687-87e94910a1b8
Principal: CREATOR OWNER
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\Keys\5aed67ae076fb2f5f53881c402ba0845_e6f0542d-9c29-4936-9687-87e94910a1b8
Principal: CREATOR OWNER
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\Keys\81994d8c11e3c9f13762296e22c36316_e6f0542d-9c29-4936-9687-87e94910a1b8
Principal: CREATOR OWNER
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\Keys\a4f113d03572f30f4cb27719b2babfc6_e6f0542d-9c29-4936-9687-87e94910a1b8
Principal: CREATOR OWNER
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\OIDInfo\DsOIDInfo.dat
Principal: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES
Access: ReadAndExecute, Synchronize
Compliant: False

Principal: BUILTIN\Users
Access: ReadAndExecute, Synchronize
Compliant: False

Principal: Everyone
Access: ReadAndExecute, Synchronize
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK
Principal: NT AUTHORITY\LOCAL SERVICE
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK\e04d2bb76e11a8d559731f8fcc875f7324bf0f22
Principal: NT AUTHORITY\LOCAL SERVICE
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK\e04d2bb76e11a8d559731f8fcc875f7324bf0f22\fb795632abfa22e9fad1700565d5c4527e380379.PCPKEY
Principal: NT AUTHORITY\LOCAL SERVICE
Access: FullControl
Compliant: False
------------------------------------------------------------------------
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
Principal: Everyone
Access: Write, Read, Synchronize
Compliant: False
------------------------------------------------------------------------
```

Check Text
Access Windows Explorer. Navigate to the following location: %ALLUSERSPROFILE%\Microsoft\Crypto Note: If the folder above does not exist, this check is not applicable. Verify the permissions on the folder, subfolders, and files are limited to "SYSTEM" and Administrators for "FULL CONTROL". If any other user or group has greater than READ permissions to the %ALLUSERSPROFILE%\Microsoft\Crypto folder, subfolders, and files, this is a finding.
Fix Text
Access Windows Explorer. Navigate to the following location: %ALLUSERSPROFILE%\Microsoft\Crypto Modify permissions on the folder, subfolders, and files to "FULL CONTROL" for "SYSTEM" and Administrators and to "READ" for all other users/groups. If additional permissions are needed, it must be documented and approved by the ISSO or ISSM.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
No details recorded.

Check Text
Notification to the system administrator is not configurable in Windows DNS Server. For system administrators to be notified when a component fails, the system administrator would have to implement a third-party monitoring system. At a minimum, the system administrator should have a documented procedure in place to review the diagnostic logs on a routine basis every day. If a third-party monitoring system is not in place to detect and notify the system administrator upon component failures, and the system administrator does not have a documented procedure in place to review the diagnostic logs on a routine basis every day, this is a finding.
Fix Text
Implement a third-party monitoring system to detect and notify the system administrator upon component failure or, at a minimum, document and implement a procedure to review the diagnostic logs on a routine basis every day.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
No details recorded.

Check Text
This functionality should be performed by an approved and properly configured DOD system monitoring solution. If all required DOD products are not installed and/or the installed products are not enabled, this is a finding.
Fix Text
Install an approved DOD system monitoring solution.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
No details recorded.

Check Text
Review the DNS implementation's authentication methods and settings to determine if multifactor authentication is used to gain nonlocal access for maintenance and diagnostics. If multifactor authentication is not used, this is a finding.
Fix Text
Configure the DNS system to use multifactor authentication for nonlocal access for maintenance and diagnostics.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) found this to be OPEN on 10/23/2025

```
ResultHash: 986E2AA371EE57C0BE58CB7A9BFDD5C0FC13FA58
~~~~~
File System: No Auditing
```

Check Text
Use the AuditPol tool to review the current Audit Policy configuration: Open a Command Prompt with elevated privileges ("Run as Administrator"). Enter "AuditPol /get /category:*". Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding. Object Access >> File System - Failure
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> Audit File System with "Failure" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) was unable to determine a Status but found the below configuration on 10/23/2025:

```
ResultHash: 9377041A89A7C9A003652C7FB32E437D88669A67
~~~~~
Service Name: DNS Server
Log on as: LocalSystem
```

Check Text
Review the account under which the DNS software is running and determine the permissions that account has been assigned. If the account under which the DNS software is running has not been restricted to the least privileged permissions required for the purpose of running the software, this is a finding.
Fix Text
Configure the permissions of the account being used to run the DNS software to have the least privileges required to run the DNS software.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
No details recorded.

Check Text
Consult with the system administrator to determine the backup policy in place for Windows DNS Server. Review the backup methods used and determine if the backup's methods have been successful at backing up the audit records at least every seven days. If the organization does not have a backup policy in place for backing up the Windows DNS Server's audit records and/or the backup methods have not been successful at backing up the audit records at least every seven days, this is a finding.
Fix Text
Document and implement a backup policy to back up the DNS server's audit records at least every seven days.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-WindowsServerDNS_Checks) found this to be OPEN on 10/23/2025

```
ResultHash: 0B575F416B20B37BBFDE2A14E481ED5B2F0C8C53
~~~~~
Mode: Disable
```

Check Text
As an administrator, run PowerShell and enter the following command: "Get-DnsServerResponseRateLimiting". If "Mode" is not set to "Enable", this is a finding.
Fix Text
As an administrator, run PowerShell and enter the command "Set-DnsServerResponseRateLimiting" to apply default values or "Set-DnsServerResponseRateLimiting -WindowInSec 7 -LeakRate 4 -TruncateRate 3 -ErrorsPerSec 8 -ResponsesPerSec 8". These settings are just an example. For more information, go to: https://learn.microsoft.com/en-us/powershell/module/dnsserver/set-dnsserverresponseratelimiting?view=windowsserver2022-ps
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details
Evaluate-STIG 1.2507.5 (Scan-ActiveDirectoryDomain_Checks) found this to be OPEN on 10/23/2025

```
ResultHash: 21368FE6539B8B519519A8F79490AF701CE1B0F5
~~~~~
Kerberos Authentication Service: No Auditing
Kerberos Service Ticket Operations: No Auditing
```

Check Text
This applies to domain controllers only. It is not applicable for other systems. Verify the following is configured on the domain controller. Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Logon. If "Audit Kerberos Authentication Service" and "Audit Kerberos Ticket Operations" are not set to "Success and Failure", this is a finding.
Fix Text
Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Logon. Configure "Audit Kerberos Authentication Service" and the "Audit Kerberos Service Ticket Operations" to be set to "Success and Failure".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.

Check Text
Determine whether the system documentation specifies limits on the number of concurrent DBMS sessions per account by type of user. If it does not, assume a limit of 10 for database administrators and 2 for all other users. Review the concurrent-sessions settings in the DBMS and/or the applications using it, and/or the system software supporting it. If the DBMS is capable of enforcing this restriction but is not configured to do so, this is a finding. This holds even if the restriction is enforced by applications or supporting software. If it is not technically feasible for the DBMS to enforce this restriction, but the application(s) or supporting software are configured to do so, this is not a finding. If it is not technically feasible for the DBMS to enforce this restriction, and applications and supporting software are not so configured, this is a finding. If the value for any type of user account is not set, this is a finding. If a value is set but is not equal to the value specified in the documentation (or the default value defined in this check) for the type of user, this is a finding.
Fix Text
If the DBMS is capable of enforcing this restriction, but is not configured to do so, configure it to do so. (This may involve the development of one or more triggers.) If it is not technically feasible for the DBMS to enforce this restriction, and the application(s) and supporting software are not configured to do so, configure them to do so. If the value for any type of user account is not set, determine the correct value and set it. If a value is set but is not equal to the value specified for the type of user, determine the correct value, set it, and update the documentation, as appropriate.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.

Check Text
Review system documentation to determine the data and the actions on data that need to be protected from repudiation by means of audit trails. Review DBMS settings to determine whether users can be identified as individuals when using shared accounts. If the individual user who is using a shared account cannot be identified, this is a finding. Review the design and the contents of the application data tables. If they do not include the necessary audit data, this is a finding. Review the configuration of audit logs to determine whether auditing includes details identifying the individual user. If it does not, this is a finding.
Fix Text
Use accounts assigned to individual users. Where the application connects to the DBMS using a standard, shared account, ensure that it also captures the individual user identification and passes it to the DBMS. Modify application database tables and all supporting code to capture the necessary audit data. Modify the configuration of audit logs to include details identifying the individual user.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.

Check Text
Check DBMS auditing to determine whether organization-defined auditable events are being audited by the system. If organization-defined auditable events are not being audited, this is a finding.
Fix Text
Deploy a DBMS that supports the DoD minimum set of auditable events. Configure the DBMS to generate audit records for at least the DoD minimum set of events.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Check DBMS settings and documentation to determine whether designated personnel are able to select which auditable events are being audited. If designated personnel are not able to configure auditable events, this is a finding.
Fix Text
Configure the DBMS's settings to allow designated personnel to select which auditable events are audited.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review DBMS documentation to verify that audit records can be produced when privileges/permissions/role memberships are retrieved. If the DBMS is not capable of this, this is a finding. If the DBMS is currently required to audit the retrieval of privilege/permission/role membership information, review the DBMS/database security and audit configurations to verify that audit records are produced when privileges/permissions/role memberships are retrieved. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when privileges/permissions/role memberships are retrieved. If currently required, configure the DBMS to produce audit records when privileges/permissions/role memberships are retrieved.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to retrieve privileges/permissions/role membership. If the DBMS is not capable of this, this is a finding. If the DBMS is currently required to audit the retrieval of privilege/permission/role membership information, review the DBMS/database security and audit configurations to verify that audit records are produced when the DBMS denies retrieval of privileges/permissions/role memberships. If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent retrieval of privileges/permissions/role memberships. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete access to privileges/permissions/role membership. If currently required, configure the DBMS to produce audit records when it denies access to privileges/permissions/role membership. Configure the DBMS to produce audit records when other errors prevent access to privileges/permissions/role membership.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review DBMS vendor documentation to determine whether the DBMS software is capable of session auditing. If the DBMS is not capable of session auditing and a third party product is not being used for session level auditing, this is a finding. If the DBMS is capable of session level auditing and specific session audits are currently defined but session auditing is not enabled; or if a third-party product is available for session auditing and specific session audits are currently defined but session auditing is not enabled, this is a finding.
Fix Text
Deploy a DBMS capable of session auditing. Configure the DBMS software or third-party product to enable session auditing.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Check DBMS settings and existing audit records to verify information specific to the audit event type is being captured and stored with the audit records. If audit records exist without information regarding what type of event occurred, this is a finding.
Fix Text
Configure DBMS audit settings to include event type as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Check DBMS settings and existing audit records to verify information specific to the date and time of the event is being captured and stored with the audit records. If audit records exist without the date and time of the event, this is a finding.
Fix Text
Configure DBMS audit settings to include the date and time of the occurrence of the event as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Check DBMS settings and existing audit records to verify information specific to where the event occurred is being captured and stored with the audit records. If audit records exist without information regarding where the event occurred, this is a finding.
Fix Text
Configure DBMS audit settings to include where the event occurred as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Check DBMS settings and existing audit records to verify information specific to the source (origin) of the event is being captured and stored with audit records. If audit records exist without information regarding the source of the event, this is a finding.
Fix Text
Configure DBMS audit settings to include the source of the event as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Check DBMS settings and existing audit records to verify information specific to the outcome of the event is being captured and stored with the audit records. If audit records exist without the outcome of the event that occurred, this is a finding.
Fix Text
Configure DBMS audit settings to include the outcome of the event as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Check DBMS settings and existing audit records to verify a user name associated with the event is being captured and stored with the audit records. If audit records exist without specific user information, this is a finding.
Fix Text
Configure DBMS audit settings to include user name as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review the system documentation to identify what additional information the organization has determined to be necessary. Check DBMS settings and existing audit records to verify that all organization-defined additional, more detailed information is in the audit records for audit events identified by type, location, or subject. If any additional information is defined and is not contained in the audit records, this is a finding.
Fix Text
Configure DBMS audit settings to include all organization-defined detailed information in the audit records for audit events identified by type, location, or subject.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Using product documentation, verify that the DBMS uses current time stamp values obtained from or synchronized with the internal system clock used by the operating system. If it is not able to, this is a finding. If it is able to but is configured so that it does not do so, this is a finding.
Fix Text
Deploy a DBMS that can use time stamp values obtained from or synchronized with the internal system clock used by the operating system. Configure the DBMS to use time stamp values obtained from or synchronized with the internal system clock used by the operating system.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review locations of audit logs, both internal to the database and database audit logs located at the operating system level. Verify there are appropriate controls and permissions to protect the audit information from unauthorized access. If appropriate controls and permissions do not exist, this is a finding.
Fix Text
Apply controls and modify permissions to protect database audit log data from unauthorized access, whether stored in the database itself or at the OS level.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review locations of audit logs, both internal to the database and database audit logs located at the operating system level. Verify there are appropriate controls and permissions to protect the audit information from unauthorized modification. If appropriate controls and permissions do not exist, this is a finding.
Fix Text
Apply controls and modify permissions to protect database audit log data from unauthorized modification, whether stored in the database itself or at the OS level.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review locations of audit logs, both internal to the database, and database audit logs located at the operating system level. Verify there are appropriate controls and permissions to protect the audit information from unauthorized deletion. If appropriate controls and permissions do not exist, this is a finding.
Fix Text
Apply controls and modify permissions to protect database audit log data from unauthorized deletion, whether stored in the database itself or at the OS level.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review the access permissions to tools used to view or modify audit log data. These tools may include features within the DBMS itself or software external to the database. If appropriate permissions and access controls to prevent unauthorized access are not applied to these tools, this is a finding.
Fix Text
Apply or modify access controls and permissions (both within the DBMS and in the file system/operating system) to tools used to view or modify audit log data. Tools must be accessible by authorized personnel only.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review the access permissions to tools used to view or modify audit log data. These tools may include features within the DBMS itself or software external to the database. If appropriate permissions and access controls to prevent unauthorized configuration are not applied to these tools, this is a finding.
Fix Text
Apply or modify access controls and permissions (both within the DBMS and in the file system/operating system) to tools used to view or modify audit log data. Tools must be configurable by authorized personnel only.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review the access permissions to tools used to view or modify audit log data. These tools may include features within the DBMS itself or software external to the database. If appropriate permissions and access controls to prevent unauthorized removal are not applied to these tools, this is a finding.
Fix Text
Apply or modify access controls and permissions (both within the DBMS and in the file system/operating system) to tools used to view or modify audit log data. Ensure that tools may be removed by authorized personnel only.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review monitoring procedures and implementation evidence to verify monitoring of changes to database software libraries, related applications, and configuration files is done. Verify the list of files, directories, and database application objects (procedures, functions, and triggers) being monitored is complete. If monitoring does not occur or is not complete, this is a finding.
Fix Text
Implement procedures to monitor for unauthorized changes to DBMS software libraries, related software application libraries, and configuration files. If a third-party automated tool is not employed, an automated job that reports file information on the directories and files of interest and compares them to the baseline report for the same will meet the requirement. Use file hashes or checksums for comparisons, as file dates may be manipulated by malicious users.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review the DBMS software library directory and note other root directories located on the same disk directory or any subdirectories. If any non-DBMS software directories exist on the disk directory, examine or investigate their use. If any of the directories are used by other applications, including third-party applications that use the DBMS, this is a finding. Only applications that are required for the functioning and administration, not use, of the DBMS should be located in the same disk directory as the DBMS software libraries. If other applications are located in the same directory as the DBMS, this is a finding. For databases located on mainframes, confirm that the database and its configuration files are isolated in their own DASD pools. If database software and database configuration files share DASD with other applications, this is a finding.
Fix Text
Install all applications on directories separate from the DBMS software library directory. Relocate any directories or reinstall other application software that currently shares the DBMS software library directory. For mainframe-based databases, locate database software and configuration files in separate DASD pools from other mainframe applications.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review system documentation to identify accounts authorized to own database objects. Review accounts that own objects in the database(s). If any database objects are found to be owned by users not authorized to own database objects, this is a finding.
Fix Text
Assign ownership of authorized objects to authorized object owner accounts.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Identify the group(s)/role(s) established for DBMS modification. Obtain the list of users in those group(s)/roles. Identify the individuals authorized to modify the DBMS. If unauthorized access to the group(s)/role(s) has been granted, this is a finding.
Fix Text
Revoke unauthorized memberships in the DBMS modification group(s)/role(s).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review vendor documentation and vendor websites to identify vendor-provided demonstration or sample databases, database applications, objects, and files. Review the DBMS to determine if any of the demonstration and sample databases, database applications, or files are installed in the database or are included with the DBMS application. If any are present in the database or are included with the DBMS application, this is a finding.
Fix Text
Remove any demonstration and sample databases, database applications, objects, and files from the DBMS.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review the list of components and features installed with the database. Use the DBMS product installation tool if supported and review the product installation documentation. If unused components or features are installed and are not documented and authorized, this is a finding.
Fix Text
Uninstall unused components or features that are installed and can be uninstalled. Remove any database objects and applications that are installed to support them.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review the DBMS for unused components of the system that cannot be uninstalled. If unused components or features are present on the system, can be disabled, and are not disabled, this is a finding.
Fix Text
Disable any unused components or features that cannot be uninstalled.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review the database for definitions of application executable objects stored external to the database. Determine if there are methods to disable use or access, or to remove definitions for external executable objects. Verify each application executable object listed is authorized by the ISSO. If any are not, this is a finding.
Fix Text
Disable use of or remove any external application executable object definitions that are not authorized.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review the DBMS settings and local documentation for functions, ports, protocols, and services that are not approved. If any are found, this is a finding.
Fix Text
Disable functions, ports, protocols, and services that are not approved.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review DBMS settings to determine whether organizational users are uniquely identified and authenticated when logging on/connecting to the system. If organizational users are not uniquely identified and authenticated, this is a finding.
Fix Text
Configure DBMS settings to uniquely identify and authenticate all organizational users who log on/connect to the system.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review DBMS configuration to verify that certificates being accepted by the DBMS are validated by performing RFC 5280-compliant certification path validation. If certificates are not being validated by performing RFC 5280-compliant certification path validation, this is a finding.
Fix Text
Configure the DBMS to validate certificates by performing RFC 5280-compliant certification path validation.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review DBMS configuration to verify DBMS user accounts are being mapped directly to unique identifying information within the validated PKI certificate. If user accounts are not being mapped to authenticated identities, this is a finding.
Fix Text
Configure the DBMS to map the authenticated identity directly to the DBMS user account.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | | | 2026-03-06 | |

Finding Details
No details recorded.
Check Text
Review DBMS settings to determine whether non-organizational users are uniquely identified and authenticated when logging onto the system. If non-organizational users are not uniquely identified and authenticated, this is a finding.
Fix Text
Configure DBMS settings to uniquely identify and authenticate all non-organizational users who log onto the system.