Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / AC - Access Control

ANSSI Recommendations for Secure Administration of AD-based IS (FRENCH)

This document focuses on:

The ANSSI document “Recommandations pour l’administration sécurisée des SI reposant sur Active Directory” provides comprehensive guidance to secure information systems (SI) that rely on Microsoft’s Active Directory (AD). It emphasizes that AD administration requires specific security measures due to AD’s critical role in centralizing user identities and access controls. The guide advocates for a logical segmentation or tiered isolation (cloisonnement) of the SI into zones of trust to limit attack surfaces and lateral movement by adversaries. It highlights that attackers can exploit various vectors, including storage, virtualization, and backup infrastructures, thus these must also be secured to protect AD’s sensitive data. The document offers a detailed methodology for identifying and isolating these zones and presents 89 concrete recommendations covering architecture, privileged access management, and authentication protocols. It is intended both for initial design and ongoing improvement of AD-based SI security and targets IT administrators, security officers, and architects to foster a security-conscious administration aligned with current threat landscapes.


Publication's URL

https://cyber.gouv.fr/publications/recommandations-pour-ladministration-securisee-des-si-reposant-sur-ad

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *