CISCO CSS DNS



Findings (MAC I - Mission Critical Classified)

| Finding ID | Severity | Title |
|---|---|---|
| V-4512 | High | CSS DNS does not cryptographically authenticate APP sessions. |
| V-4507 | Medium | The Cisco CSS DNS is utilized to host the organization's authoritative records and DISA Computing Services does not support that host in its csd.disa.mil domain and associated high-availability server infrastructure. |
| V-4510 | Medium | Forwarders are not disabled on the CSS DNS. |
| V-4508 | Low | Zones are delegated with the CSS DNS. |
| V-4509 | Low | The CSS DNS does not transmit APP session data over an out-of-band network if one is available. |
| V-14756 | Low | The DNS administrator will ensure non-routable IPv6 link-local scope addresses are not configured in any zone. Such addresses begin with the prefixes of “FE8”, “FE9”, “FEA”, or “FEB”. |
| V-4506 | Low | The shared secret in the APP session(s) was not a randomly generated 32 character text string. |
| V-4467 | Low | Record owners will validate their zones no less than annually. The DNS database administrator will remove all zone records that have not been validated in over a year. |
| V-14757 | Low | AAAA addresses are configured on a host that is not IPv6 aware. |
| V-4469 | Low | Zone-spanning CNAME records that point to a zone with lesser security are active for more than six months. |