Capstone Report: Effective Reviews Are Needed to Enhance the Security Posture of the Department’s Active Directories

Our objective was to identify the remaining Department Active Directories, which have not been reviewed by the Office of Inspector General (OIG), and summarize past OIG work related to the management of Active Directories. We found that a lack of adequate Active Directory security reviews caused similar issues across multiple Department bureaus and that the Department does not have a policy for regular Active Directory security reviews. Without effective security reviews, deficiencies will likely continue to exist within the Department, providing threat actors with additional potential attack paths to undermine the sensitive data and applications that are supported by Active Directories.