| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-243501 | CAT III | MONT-DC-003 | Active Directory Domain Security Technic... | The impact of CPCON changes on the cross-directory... | - | |||
Check Text1. Refer to the list of actual manual AD trusts (cross-directory configurations) collected from the site representative. 2. If there are no manual AD trusts (cross-directory configurations) defined, this check is not applicable. For AD, this includes external, forest, or realm trust relationship types. 3. Obtain a copy of the site's supplemental CPCON procedures as required by Strategic Command Directive (SD) 527-1. 4. Verify that it has been determined by the IAM whether CPCON response actions need to include procedures to disable manual AD trusts (cross-directory configurations). The objective is to determine if the need has been explicitly evaluated. 5. If it has been determined that actions to disable manual AD trusts (cross-directory configurations) are not necessary, then this check is not applicable. 6. If it has been determined that actions to disable manual AD trusts (cross-directory configurations) are necessary, verify that the policy to implement these actions has been documented. 7. If actions to disable manual AD trusts (cross-directory configurations) are needed and no policy has been documented, then this is a finding. Fix TextEvaluate cross-directory configurations (such as trusts and pass-through authentication) and provide documentation that indicates: 1. An evaluation was performed. 2. The specific AD trust configurations, if any, that must be disabled during changes in CPCON status because they could represent increased risk. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-ActiveDirectoryDomain_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 48551156A5DDF0637531025EE03B12E7D7F6DBEE ~~~~~ No trusts are configured so this requirement is NA.
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_ADDomain_V3R5_20251023-171837.ckl
Scan Date: 2026-01-14T12:57:36.435963
Technology Area: Domain Name System
|
||||||||