| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | | | 2026-01-14 | |

Finding Details

Evaluate-STIG 1.2507.5 (Scan-ActiveDirectoryDomain_Checks) was unable to determine a Status but found the below configuration on 10/23/2025:

ResultHash: 340AB6AA28AE4B02E7062963172834B876B28F0A
~~~~~
Hostname: MONT-DC-003.MONTFORD-POINT.navy.mil
OperatingSystem: Windows Server 2016 Standard
IPv4Address: 164.231.187.34
IPv6Address: ::1
Forest: MONTFORD-POINT.navy.mil
Site: Default-First-Site-Name
IsGlobalCatalog: True
IsReadOnly: False

Hostname: MONT-DC-004.MONTFORD-POINT.navy.mil
OperatingSystem: Windows Server 2016 Standard
IPv4Address: 164.231.187.35
IPv6Address:
Forest: MONTFORD-POINT.navy.mil
Site: Default-First-Site-Name
IsGlobalCatalog: True
IsReadOnly: False

Comments

Check Text
1. Review the site's network diagram(s) to determine if domain controllers for the domain are located in multiple enclaves. The objective is to determine if network traffic is traversing enclave network boundaries.
2. Request information about whether RODC or ADAM instances are installed. In particular, request details of Active Directory functionality installed or extended into the DMZ or configured/allowed to cross the site's outbound firewall boundary. Ensure communications and replication traffic is encrypted.
3. If domain controllers are not located in multiple enclaves, then this check is not applicable.
4. If domain controllers are located in multiple enclaves, verify that a VPN is used to transport the network traffic (replication, user logon, queries, etc.).
5. If a VPN solution is not used to transport directory network traffic across enclave boundaries, then this is a finding.
6. If the ADAM mode is in use and a migration plan for converting to RODC is not in place, then this is a finding.
Fix Text
Implement a VPN or other network protection solution in accordance with the Network Infrastructure STIG that protects AD data in transit across DoD enclave boundaries.