This work program focuses on the general, platform configuration, and platform security areas of the infrastructure of an active directory. It includes the key control questions, the preferred controls/goal state for production and intent/status of designed control for each question.
Sample control questions include: Has a system re-accreditation process been implemented to periodically evaluate the security configuration of the active directory infrastructure? Has an incident response procedure been developed to handle possible system compromises? Have business continuity plan (BCP) and disaster recovery plans been defined and implemented to cover the active directory implementation/devices?