Skillplan AD Checklist
2026-05-20 16:34
AD
Security Checklist
de
en
fr
it
System Online
← Back to sections
Mitigation Controls · Section 8 of 17
Mitigating a Golden Certificate
Assessment Progress
0
/ 95 items
0%
Fulfillment so far
0
/ 0 controls
0%
Explain this attack
Use MFA to authenticate privileged users of systems.
Not Fulfilled
Fulfilled
Accepted
Implement application control on AD CS CAs.
Not Fulfilled
Fulfilled
Accepted
Use a HSM to protect key material for AD CS CAs.
Not Fulfilled
Fulfilled
Accepted
Limit access to AD CS CAs to only privileged users that require access.
Not Fulfilled
Fulfilled
Accepted
Restrict privileged access pathways to AD CS CA servers to jump servers and secure admin workstations using only the ports and services that are required for administration.
Not Fulfilled
Fulfilled
Accepted
Only use AD CS CA servers for AD CS and do not install any non-security-related services or applications.
Not Fulfilled
Fulfilled
Accepted
Encrypt and securely store backups of AD CS CA servers and limit access to only Backup Administrators.
Not Fulfilled
Fulfilled
Accepted
Centrally log and analyse AD CS CA logs in a timely manner to identify malicious activity.
Not Fulfilled
Fulfilled
Accepted
Save and Continue →
