Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-13037 | DNS0130 | SV-13605r1_rule | ECAR-1 ECAR-2 ECAR-3 | Low |
Description |
---|
DNS software has a history of vulnerabilities and new ones may be discovered at any time. To ensure that attackers cannot take advantage of known DNS vulnerabilities applicable software patches and patches must be applied. Patch and DNS software upgrade documentation must be maintained to ensure the DNS name servers are protected from these vulnerabilities and current with required patches and software upgrades. |
STIG | Date |
---|---|
DNS Policy | 2013-07-08 |
Check Text ( C-3360r1_chk ) |
---|
DNS patch and upgrade change records must include records of the date and time each patch or upgrade to DNS software was implemented, and by whom. The method of verification may be considered weak, but the requirement is merely to document the dates and times of DNS software patch and upgrades. Instruction: If there is no patch and upgrade log, then this is a finding. If there is such a log, then entries must include the date and time of any change as well as the identity of the administrator. Failure to include this information for any entry is a finding. |
Fix Text (F-4342r1_fix) |
---|
The SA should establish and maintain a log of the date and time each patch and upgrade to DNS software was implemented. |