Active Directory Security Checklists
The following high-level Active Directory security checklist is designed to help organizations identify all important aspects of Active Directory security that should be covered in an Active Directory Security Audit –
This checklist is NOT intended to be an in-depth checklist because Active Directory deployments can vary substantially in nature, from a small, simple single domain forest deployment, to a complex, large multi-forest deployment, and thus it is not trivial to design a simple one-size-fits-all type detailed checklist.
This checklist IS designed to help organizations identify all the areas of Active Directory security that should be covered during an Active Directory security audit. The items on this list are presented in order of priority.
It is recommended that organizations customize a high-level checklist, such as this one, to suit their unique Active Directory security audit requirements and needs, taking into account the complexity of their deployments, the periodicity of such audits, and the resources available to them to perform such audits.
Example – For instance, here is one example wherein the Defense Information Systems Agency (DISA) developed an Active Directory Security Checklist for the United States Department of Defense. A quick review of the checklist indicates that this particular checklist covers Domain Controller Security in more depth than it covers areas such as Administrative Account Reduction or Delegated Access Rights Lockdown.
Active Directory Audit and Auditing Checklists
In addition to the above, the following are 2 additional helpful checklists, on Audit and Auditing –