| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-243498 | CAT II | MONT-DC-003 | Active Directory Domain Security Technic... | If a VPN is used in the AD implementation, the tra... | - | |||
Check Text:
1. Interview the site representative. Ask about the location of the domain controllers.
2. If domain controllers are not located in multiple enclaves, then this check is not applicable.
3. If domain controllers are located in multiple enclaves and a VPN is not used, then this check is not applicable.
4. If domain controllers are located in multiple enclaves and a VPN is used, review the site network diagram(s) with the SA, NSO, or network reviewer as required to determine if the AD network traffic is visible to a network or host IDS.
5. If the AD network traffic is not visible to a network or host IDS, then this is a finding.

Fix Text: Replace the VPN solution or reconfigure it so that directory data is inspected by a network or host-based IDS.

Finding Details: Evaluate-STIG 1.2507.5 (Scan-ActiveDirectoryDomain_Checks) was unable to determine a Status but found the below configuration on 10/23/2025:

ResultHash: 340AB6AA28AE4B02E7062963172834B876B28F0A ~~~~~

Hostname: MONT-DC-003.MONTFORD-POINT.navy.mil
OperatingSystem: Windows Server 2016 Standard
IPv4Address: 164.231.187.34
IPv6Address: ::1
Forest: MONTFORD-POINT.navy.mil
Site: Default-First-Site-Name
IsGlobalCatalog: True
IsReadOnly: False

Hostname: MONT-DC-004.MONTFORD-POINT.navy.mil
OperatingSystem: Windows Server 2016 Standard
IPv4Address: 164.231.187.35
IPv6Address:
Forest: MONTFORD-POINT.navy.mil
Site: Default-First-Site-Name
IsGlobalCatalog: True
IsReadOnly: False

Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_ADDomain_V3R5_20251023-171837.ckl
Scan Date: 2026-01-14T12:57:36.435963
Technology Area: Domain Name System