1) Obtain a hierarchical representation of the Active Directory structure, beginning with the forest(s).

2) Determine if the forest structure provides for a separation between service administrators (responsible for Active Directory design and highest level of administration) and data administrators (responsible for user credentials, access rights, etc.).

3) Obtain a list of all forest owners and determine that all forest owners are trusted and that appropriate background verification has been completed for each owner.

4) Determine that service administrators responsible for intranet and extranet forests have separate, isolated user IDs for each internal and external forest.

5) Determine that users from other forests are not members of the groups that:
• Are responsible for service management or manage membership of service administrator groups.
• Have administrative control over computers that store protected data.
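One way to gather evidence for step 5, as an added example that is not part of the original template: the script lists direct members of selected administrative groups whose SID belongs to a domain outside the local forest. It assumes the ActiveDirectory PowerShell module, read access to every domain in the forest, and a group list chosen here for illustration.

```powershell
Import-Module ActiveDirectory

# Assumption: these built-in domain local groups are in scope as service
# administrator groups. Adjust the list to the audit's own definition.
$groupNames = 'Administrators', 'Account Operators', 'Server Operators', 'Backup Operators'

$forest = Get-ADForest

# SIDs of every domain in the local forest, used to tell local from foreign.
$forestSids = @(foreach ($d in $forest.Domains) {
    (Get-ADDomain -Server $d).DomainSID.Value
})

$findings = foreach ($domain in $forest.Domains) {
    foreach ($name in $groupNames) {
        $group = Get-ADGroup -Server $domain -Filter "SamAccountName -eq '$name'" -Properties member
        if (-not $group) { continue }

        # Principals from outside the forest are stored as
        # foreignSecurityPrincipal objects in this container.
        $fspDns = $group.member | Where-Object { $_ -like '*,CN=ForeignSecurityPrincipals,*' }

        foreach ($dn in $fspDns) {
            $fsp = Get-ADObject -Server $domain -Identity $dn -Properties objectSid
            $domainSid = $fsp.objectSid.AccountDomainSid

            # Well-known SIDs (for example S-1-5-11) have no domain part.
            if ($null -eq $domainSid) { continue }

            if ($forestSids -notcontains $domainSid.Value) {
                [pscustomobject]@{
                    Domain          = $domain
                    Group           = $name
                    MemberSid       = $fsp.objectSid.Value
                    MemberDomainSid = $domainSid.Value
                }
            }
        }
    }
}

# Direct membership only: nested groups need the same check applied in turn.
$findings | Sort-Object Domain, Group | Format-Table -AutoSize
```

An empty result covers only the groups listed; groups that manage membership of service administrator groups, and local administrators on computers that store protected data, still need to be reviewed separately.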
All materials contained on this site are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published, broadcast, performed nor used to prepare derivative works, without the prior written permission of AuditNet®. You may not alter or remove any trademark, copyright, logo or other notice from copies of the content. For further information, see section 1 of the Terms and Conditions and section 2 of the Subscriber Access Agreement.