The FDIC's Security Controls Over Microsoft Windows Active Directory
Unimplemented Recommendations
Provide additional training to emphasize password requirements for privileged account users and communicate the effect of poor password practices, including those identified in this report.
Develop and implement controls to monitor and track password usage for privileged users and domain administrators to mitigate insecure password practices.
Develop and implement policies and procedures to automate the password creation and management process for privileged Active Directory accounts.
Design and implement mitigating controls to address occurrences where the automated inactivity setting is inoperable.
Develop and implement a process to regularly evaluate the roles to determine whether they are still needed or duplicative of other roles.
Develop and implement a process to reconcile conflicting certification determinations for duplicative roles.
Update and implement procedures to proactively update or replace operating systems before vendor support ends.
Develop and implement a process to monitor all domain controllers and ensure that any exceptions are addressed timely.