STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Active Directory Domain Security Technical Implementation Guide

V-243475

CAT II (Medium)

Domain controllers must be blocked from Internet access.

Rule ID

SV-243475r959010_rule

STIG

Active Directory Domain Security Technical Implementation Guide

Version

V3R7

CCIs

CCI-000366

Discussion

Domain controllers provide access to highly privileged areas of a domain. Such systems with Internet access may be exposed to numerous attacks and compromise the domain. Restricting Internet access for domain controllers will aid in protecting these privileged areas from being compromised.

Check Content

Verify domain controllers are blocked from Internet access.  Various methods may be employed to accomplish this, such as restrictions at boundary firewalls, through proxy services, host based firewalls or IPsec.

Review the Internet access restrictions with the administrator.  If Internet access is not prevented, this is a finding.

If a critical function requires Internet access, this must be documented and approved by the organization.

Fix Text

Block domain controllers from internet access.  This can be accomplished with various methods, such as restrictions at boundary firewalls, proxy services, host based firewalls, or IPsec.   

If a critical function requires Internet access, this must be documented and approved by the organization.