Active Directory Oversight Needs Improvement

The Chief Information Officer should ensure that the Enterprise Operations function follows the established processes and procedures to remediate all critical and high vulnerability scan findings.

The Chief Information Officer should ensure that application compliance checkers use up-to-date guidelines to provide recognized, standardized, and established benchmarks that stipulate contemporary secure configuration settings.

The Chief Information Officer should review all business role accounts in the ISRP AD forests and ensure that they are in compliance with IRM policy regarding account disabling, quarantining, and removal.

The Chief Information Officer should ensure that business role account passwords are appropriately configured to expire and require that PIV cards be used in accordance with policy.

The Chief Information Officer should ensure that service account passwords are appropriately configured to expire.