STIGQter: STIG Summary: Active Directory Domain Security Technical Implementation Guide (STIG) Version: 2 Release: 13 Benchmark Date: 26 Apr 2019

Domain controllers must be blocked from Internet access.

DISA Rule

SV-67945r1_rule

Vulnerability Number

V-53727

Group Title

AD.0015

Rule Version

AD.0015

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Block domain controllers from Internet access. This can be accomplished with various methods, such as restrictions at boundary firewalls, proxy services, host-based firewalls, or IPsec.

If a critical function requires Internet access, this must be documented and approved by the organization.

Check Contents

Verify domain controllers are blocked from Internet access. Various methods may be employed to accomplish this, such as restrictions at boundary firewalls, through proxy services, host-based firewalls, or IPsec.

Review the Internet access restrictions with the administrator. If Internet access is not prevented, this is a finding.

If a critical function requires Internet access, this must be documented and approved by the organization.
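
A spot check that can support the review described above, as an added example that is not part of the STIG text: run locally on a domain controller, it attempts direct outbound TCP connections and reports the host firewall and WinHTTP proxy settings. The target hosts (example.com, example.org) and the function name Test-OutboundTcp are assumptions chosen for illustration.

```powershell
# Added example, not DISA's check procedure. Run in an elevated session on the DC.
# Assumption: the targets below stand in for "the Internet"; substitute hosts
# your organization accepts as representative.
$targets = @(
    @{ Name = 'example.com'; Port = 443 },
    @{ Name = 'example.com'; Port = 80  },
    @{ Name = 'example.org'; Port = 443 }
)

function Test-OutboundTcp {   # hypothetical helper name
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # Wait() returns $false on timeout and throws if the connect faulted.
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # DNS failure, refusal or reset: no connection was made
    } finally {
        $client.Close()
    }
}

# DomainRole 4 = backup domain controller, 5 = primary domain controller.
$role = (Get-CimInstance Win32_ComputerSystem).DomainRole
if ($role -lt 4) { Write-Warning 'This host is not a domain controller.' }

$results = foreach ($t in $targets) {
    [pscustomobject]@{
        Target    = "$($t.Name):$($t.Port)"
        Reachable = Test-OutboundTcp -HostName $t.Name -Port $t.Port
    }
}
$results | Format-Table -AutoSize

# Context for the reviewer: host firewall outbound default and WinHTTP proxy.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
netsh winhttp show proxy

if ($results.Reachable -contains $true) {
    Write-Warning 'Direct outbound connection succeeded: a finding under V-53727 unless documented and approved.'
} else {
    Write-Output 'No direct outbound connection succeeded from this host.'
}
```

A result with no reachable targets only shows that direct connections are blocked; access through a configured proxy still has to be reviewed with the administrator.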

Documentable

False

Severity Override Guidance

Verify domain controllers are blocked from Internet access. Various methods may be employed to accomplish this, such as restrictions at boundary firewalls, through proxy services, host-based firewalls, or IPsec.

Review the Internet access restrictions with the administrator. If Internet access is not prevented, this is a finding.

If a critical function requires Internet access, this must be documented and approved by the organization.

Check Content Reference

M

Target Key

870
