STIGQter: STIG Summary: Active Directory Domain Security Technical Implementation Guide (STIG) Version: 2 Release: 13 Benchmark Date: 26 Apr 2019:

Delegation of privileged accounts must be prohibited.

DISA Rule

SV-47841r2_rule

Vulnerability Number

V-36435

Group Title

Delegation of Privileged Accounts

Rule Version

AD.0005

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Open Active Directory Users and Computers. View the properties of all privileged accounts. Under the Account tab, select "Account is sensitive and cannot be delegated" in the Account Options section.

Check Contents

Review the properties of all privileged accounts in Active Directory Users and Computers. Under the Account tab, verify "Account is sensitive and cannot be delegated" is selected in the Account Options section. If delegation is not prohibited for any privileged account, this is a finding.

Vulnerability Number

V-36435

Documentable

False

Rule Version

AD.0005

Severity Override Guidance

Review the properties of all privileged accounts in Active Directory Users and Computers. Under the Account tab, verify "Account is sensitive and cannot be delegated" is selected in the Account Options section. If delegation is not prohibited for any privileged account, this is a finding.

Check Content Reference

M

Target Key

870

Comments