Free Active Directory Compliance tool for CIS benchmarks, SOX, NIST, GDPR and HIPAA. I’ve created a PowerShell script that outputs an HTML report on the compliance status of your Active Directory. Run it on as many domains as you need. You can also run it remotely: specify the domain controller and the script will run against that DC. It checks the following:
Free Active Directory Compliance Dashboard
Get PowerShell Script
- Customise with your own logo
- Filter by compliance type
- Filter by compliance status
Active Directory CIS Benchmarks
The Powershell script will check the following against CIS benchmarks for your Active Directory domain:
- Ensure ‘Account lockout duration’ is set to ‘15 or more minute(s)’
- Ensure ‘Account lockout threshold’ is set to ‘10 or fewer invalid logon attempt(s)’
- Ensure ‘Password minimum length’ is set to ‘14 or more character(s)’
- Ensure ‘Password history size’ is set to ‘24 or more password(s)’
- Ensure ‘Maximum password age’ is set to ‘60 or fewer days, but not 0’
- Ensure ‘Minimum password age’ is set to ‘1 or more day(s)’
- Ensure ‘Enable computer and user accounts to be trusted for delegation’ is set to ‘No One’
- Ensure ‘User Rights Assignment: Access this computer from the network’ is set to ‘Administrators, Authenticated Users’
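As an added example (not the InfraSOS script itself), this is one way to evaluate the six password and lockout checks above against the domain's default password policy with the RSAT ActiveDirectory module; the DC name in `$Server` is a placeholder you replace with your own.

```powershell
# Added example, not the page's script: test the default domain password policy
# against the CIS thresholds listed above. Assumes the ActiveDirectory module
# is installed and that $Server names a reachable domain controller.
param([string]$Server = 'dc01.example.local')   # placeholder DC name

Import-Module ActiveDirectory

$policy = Get-ADDefaultDomainPasswordPolicy -Server $Server

# One entry per CIS check: the observed value and whether it meets the threshold.
$checks = @(
    @{ Name  = 'Account lockout duration >= 15 minutes'
       Value = $policy.LockoutDuration.TotalMinutes
       Pass  = $policy.LockoutDuration.TotalMinutes -ge 15 },
    # A threshold of 0 disables lockout entirely, so it is treated as a fail.
    @{ Name  = 'Account lockout threshold <= 10 attempts'
       Value = $policy.LockoutThreshold
       Pass  = ($policy.LockoutThreshold -ge 1) -and ($policy.LockoutThreshold -le 10) },
    @{ Name  = 'Password minimum length >= 14'
       Value = $policy.MinPasswordLength
       Pass  = $policy.MinPasswordLength -ge 14 },
    @{ Name  = 'Password history size >= 24'
       Value = $policy.PasswordHistoryCount
       Pass  = $policy.PasswordHistoryCount -ge 24 },
    # MaxPasswordAge of 00:00:00 means passwords never expire, hence "but not 0".
    @{ Name  = 'Maximum password age <= 60 days, but not 0'
       Value = $policy.MaxPasswordAge.TotalDays
       Pass  = ($policy.MaxPasswordAge.TotalDays -gt 0) -and ($policy.MaxPasswordAge.TotalDays -le 60) },
    @{ Name  = 'Minimum password age >= 1 day'
       Value = $policy.MinPasswordAge.TotalDays
       Pass  = $policy.MinPasswordAge.TotalDays -ge 1 }
)

$results = foreach ($c in $checks) {
    [pscustomobject]@{
        Check  = $c.Name
        Value  = $c.Value
        Status = if ($c.Pass) { 'Compliant' } else { 'Non-compliant' }
    }
}

$results | Format-Table -AutoSize

# Simple risk summary: how many of the CIS checks fail on this domain.
$failed = @($results | Where-Object Status -eq 'Non-compliant').Count
"{0} of {1} CIS password/lockout checks non-compliant on {2}" -f $failed, $results.Count, $Server
```

Fine-grained password policies (PSOs) override the default policy for the users and groups they apply to, so a compliant default policy on its own does not prove every account is covered.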
Active Directory NIST Compliance
The compliance PowerShell script will also check your domain controllers against NIST compliance best practices:
- Ensure ‘Audit Log Retention’ is set to ‘365 or more days’
- Ensure ‘Windows Firewall: Domain Profile’ is set to ‘On’
- Ensure ‘Audit: Audit the access of global system objects’ is set to ‘Disabled’
- Ensure ‘Audit: Shut down system immediately if unable to log security audits’ is set to ‘Disabled’
Active Directory SOX Compliance
The compliance report will also check the following SOX compliance item on your Active Directory domain controllers:
- Ensure ‘Logon Events are Audited’
GDPR Compliance for Active Directory
For GDPR compliance the report will check that the following is configured within your Active Directory:
- Ensure ‘Access Control Policy’ is implemented
- Ensure ‘Data Encryption’ is enforced
Active Directory HIPAA Compliance
A HIPAA compliance report is also generated to check the following in AD:
- Ensure ‘Audit Controls’ are in place
- Ensure ‘Access Controls’ are enforced
Domain Statistics
The Active Directory report also shows the following statistics about the users and groups in your domain:
- Domain name
- Number of users
- Number of groups
- Number of disabled users
- Number of domain admins
There is also a compliance risk assessment that will show your current compliance risk based on the results.