| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-ActiveDirectoryDomain_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 48551156A5DDF0637531025EE03B12E7D7F6DBEE ~~~~~ No trusts are configured so this requirement is NA. Comments |
|||||
Check Text
1. Refer to the list of actual manual AD trusts (cross-directory configurations) collected from the site representative. 2. If there are no manual AD trusts (cross-directory configurations) defined, this check is not applicable. For AD, this includes external, forest, or realm trust relationship types. 3. Obtain a copy of the site's supplemental CPCON procedures as required by Strategic Command Directive (SD) 527-1. 4. Verify that it has been determined by the IAM whether CPCON response actions need to include procedures to disable manual AD trusts (cross-directory configurations). The objective is to determine if the need has been explicitly evaluated. 5. If it has been determined that actions to disable manual AD trusts (cross-directory configurations) are not necessary, then this check is not applicable. 6. If it has been determined that actions to disable manual AD trusts (cross-directory configurations) are necessary, verify that the policy to implement these actions has been documented. 7. If actions to disable manual AD trusts (cross-directory configurations) are needed and no policy has been documented, then this is a finding.
Fix Text
Evaluate cross-directory configurations (such as trusts and pass-through authentication) and provide documentation that indicates: 1. An evaluation was performed. 2. The specific AD trust configurations, if any, that must be disabled during changes in CPCON status because they could represent increased risk.