STIGQter STIGQter: STIG Summary:

Active Directory Forest Security Technical Implementation Guide (STIG)

Version: 2

Release: 8 Benchmark Date: 27 Jul 2018

SV-30998r3_ruleChanges to the AD schema must be subject to a documented configuration management process.
SV-9052r2_ruleAnonymous Access to AD forest data above the rootDSE level must be disabled.
SV-9054r3_ruleThe Windows Time Service on the forest root PDC Emulator must be configured to acquire its time from an external time source.
SV-30999r4_ruleUpdate access to the directory schema must be restricted to appropriate accounts.
SV-87487r1_ruleMembership to the Schema Admins group must be limited.