CISCO CSS DNS


Overview

Date | Finding Count (10)
2015-12-29 | CAT I (High): 1, CAT II (Med): 2, CAT III (Low): 7

STIG Description
The CISCO CSS DNS Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Findings (MAC I - Mission Critical Sensitive)

Finding ID | Severity | Title
V-4512 | High | CSS DNS does not cryptographically authenticate APP sessions.
V-4507 | Medium | The Cisco CSS DNS is utilized to host the organization's authoritative records and DISA Computing Services does not support that host in its csd.disa.mil domain and associated high-availability server infrastructure.
V-4510 | Medium | Forwarders are not disabled on the CSS DNS.
V-4508 | Low | Zones are delegated with the CSS DNS.
V-4509 | Low | The CSS DNS does not transmit APP session data over an out-of-band network if one is available.
V-14756 | Low | The DNS administrator will ensure non-routable IPv6 link-local scope addresses are not configured in any zone. Such addresses begin with the prefixes of “FE8”, “FE9”, “FEA”, or “FEB”.
V-4506 | Low | The shared secret in the APP session(s) was not a randomly generated 32 character text string.
V-4467 | Low | Record owners will validate their zones no less than annually. The DNS database administrator will remove all zone records that have not been validated in over a year.
V-14757 | Low | AAAA addresses are configured on a host that is not IPv6 aware.
V-4469 | Low | Zone-spanning CNAME records that point to a zone with lesser security are active for more than six months.