Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4480 | DNS0445 | SV-4480r2_rule | DCNR-1 | Medium |
Description |
---|
Keys are more likely to be compromised if they remain in use for over a year. |
STIG | Date |
---|---|
BIND DNS STIG | 2015-01-05 |
Check Text ( C-3526r1_chk ) |
---|
BIND Instruction: With the SA’s assistance, the reviewer should locate the file directory that contains the TSIG keys (i.e., /etc/dns/keys/) and then list the files in that directory (e.g., by using the UNIX ls –l command). The key statements in named.conf will provide the location of the key files. If any of them have a last modified time stamp that is more than one year old, then this is a finding. |
Fix Text (F-4365r1_fix) |
---|
The IAO should execute the organizations procedure for TSIG key supersession. |