UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

A cryptographic key used to secure DNS transactions has been utilized on a name server for more than one year.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4480 DNS0445 SV-4480r2_rule DCNR-1 Medium
Description
Keys are more likely to be compromised if they remain in use for over a year.
STIG Date
BIND DNS STIG 2015-01-05

Details

Check Text ( C-3526r1_chk )
BIND

Instruction: With the SA’s assistance, the reviewer should locate the file directory that contains the TSIG keys (i.e., /etc/dns/keys/) and then list the files in that directory (e.g., by using the UNIX ls –l command). The key statements in named.conf will provide the location of the key files. If any of them have a last modified time stamp that is more than one year old, then this is a finding.

Fix Text (F-4365r1_fix)
The IAO should execute the organizations procedure for TSIG key supersession.