STIGQter: STIG Summary: Active Directory Domain Security Technical Implementation Guide (STIG) Version: 2 Release: 13 Benchmark Date: 26 Apr 2019:

The Directory Service Restore Mode (DSRM) password must be changed at least annually.

DISA Rule

SV-32179r3_rule

Vulnerability Number

V-25840

Group Title

DSRM Password Change Policy

Rule Version

AD.0151

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Change the DSRM password at least annually.

Check Contents

Verify the organization has a process that addresses DSRM password change frequency.

If DSRM passwords are not changed at least annually, this is a finding.

Vulnerability Number

V-25840

Documentable

False

Rule Version

AD.0151

Severity Override Guidance

Verify the organization has a process that addresses DSRM password change frequency.

If DSRM passwords are not changed at least annually, this is a finding.

The Directory Service Restore Mode (DSRM) password must be changed at least annually.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments