| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-269099 | CAT I | MONT-DC-003 | Active Directory Forest Security Technic... | Windows Server running Active Directory Certificat... | - | |||
Check TextVerify that a site has set aside one or more PAWs for remote management of AD CS. A dedicated AD CS/CA Admin account that is only usable on tier 0 PAW or the ADCS server must be used to manage the certificate authority and approve requests. Review any available site documentation. Verify that any PAW used to manage high-value IT resources of a specific tier are used exclusively for managing high-value IT resources assigned to only one tier. If the site has not set aside one or more PAWs for remote management of AD CS, this is a finding. Fix TextConfigure and set aside one or more PAWs for configuration and management of AD CS. For AD, multiple configuration items could enable anonymous access. Set aside one or more PAWs for remote management of high-value IT resources assigned to a specific tier. For example, using the Microsoft Tier 0-2 model, each PAW would be assigned to manage Tier 0, Tier 1, or Tier 2 high-value IT resources.
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_ADForest_V3R2_20251023-171845.ckl
Scan Date: 2026-01-14T12:57:36.607366
Technology Area: Domain Name System
|
||||||||