The FDIC's Security Controls Over Microsoft Windows Active Directory
Provide additional training to emphasize password requirements for privileged account users and communicate the effect of poor password practices, including those identified in this report.
Develop and implement controls to monitor and track password usage for privileged users and domain administrators to mitigate insecure password practices.
Approve and maintain Secure Baseline Configuration Guide deviations for accounts in the identified domain, as appropriate.
Develop and implement policies and procedures to automate the password creation and management process for privileged Active Directory accounts.
Identify inactive user accounts and disable or delete them in accordance with FDIC policy.
Design and implement mitigating controls to address occurrences where the automated inactivity setting is inoperable.
Develop and implement a process to regularly evaluate the roles to determine whether they are still needed or duplicative of other roles.
Develop and implement a process to reconcile conflicting certification determinations for duplicative roles.
Update and implement procedures to proactively update or replace operating systems before vendor support ends.
Develop and implement a process to monitor all domain controllers and ensure that any exceptions are addressed in a timely manner.
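For a practitioner who wants to check the conditions behind these recommendations in their own domain, the following PowerShell script is an added example, not part of the OIG report or any FDIC tooling. It assumes the RSAT ActiveDirectory module is available, and the 90-day inactivity threshold and the supported-OS list are placeholder assumptions to be replaced with the organization's own policy values.

```powershell
# Added example (not from the FDIC OIG report): inventory checks for inactive
# accounts, privileged-account password hygiene, and domain controller OS support.
# Assumptions: RSAT ActiveDirectory module installed, read access to the domain,
# and placeholder values for the inactivity threshold and supported OS list.
Import-Module ActiveDirectory

$InactiveDays = 90                                               # assumed policy threshold
$Cutoff       = (Get-Date).AddDays(-$InactiveDays)
$SupportedOS  = @('Windows Server 2019', 'Windows Server 2022')  # assumed supported list

# 1. Enabled user accounts with no logon since the cutoff (inactive-account finding).
#    LastLogonDate comes from the replicated lastLogonTimestamp, so it can lag by days.
$Inactive = Get-ADUser -Filter { Enabled -eq $true -and LastLogonDate -lt $Cutoff } `
    -Properties LastLogonDate |
    Select-Object SamAccountName, LastLogonDate
$Inactive | Sort-Object LastLogonDate | Format-Table -AutoSize

# 2. Privileged accounts with weak password settings (privileged-password findings):
#    members of the built-in admin groups whose password never expires or is stale.
$PrivGroups = 'Domain Admins', 'Enterprise Admins', 'Administrators'
$Privileged = $PrivGroups |
    ForEach-Object { Get-ADGroupMember -Identity $_ -Recursive } |
    Where-Object { $_.objectClass -eq 'user' } |
    Sort-Object -Property distinguishedName -Unique |
    ForEach-Object {
        Get-ADUser -Identity $_.distinguishedName `
            -Properties PasswordLastSet, PasswordNeverExpires, LastLogonDate
    }
$Privileged |
    Where-Object { $_.PasswordNeverExpires -or $_.PasswordLastSet -lt $Cutoff } |
    Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires |
    Format-Table -AutoSize

# 3. Domain controllers and their operating systems (OS-support and DC-monitoring
#    findings): flag any DC whose OS is not on the assumed supported list.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, OperatingSystem, OperatingSystemVersion,
        @{ Name = 'Supported'; Expression = { $_.OperatingSystem -in $SupportedOS } } |
    Format-Table -AutoSize
```

Each section prints a table; an empty table for sections 1 and 2 and an all-True Supported column in section 3 is the expected state for a domain that meets the recommendations above.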