V-269099
CAT IWindows Server running Active Directory Certificate Services (AD CS) must be managed by a PAW tier 0.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 0
- Closed
- 1
Check Text
Verify that a site has set aside one or more PAWs for remote management of AD CS.
A dedicated AD CS/CA Admin account that is only usable on tier 0 PAW or the ADCS server must be used to manage the certificate authority and approve requests.
Review any available site documentation.
Verify that any PAW used to manage high-value IT resources of a specific tier are used exclusively for managing high-value IT resources assigned to only one tier.
If the site has not set aside one or more PAWs for remote management of AD CS, this is a finding.
Fix Text
Configure and set aside one or more PAWs for configuration and management of AD CS.
For AD, multiple configuration items could enable anonymous access.
Set aside one or more PAWs for remote management of high-value IT resources assigned to a specific tier. For example, using the Microsoft Tier 0-2 model, each PAW would be assigned to manage Tier 0, Tier 1, or Tier 2 high-value IT resources.
STIG Reference
- STIG
- Active Directory Forest Security Technical Implementation Guide
- Version
- 3
- Release
- 2
- Rule ID
- SV-269099r1026184_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_ADForest_V3R2_20251023-171845.ckl | Unassigned | 2026-01-14T12:57:36.607366 | View in Context |