UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS architecture is not documented to include specific roles for each DNS server, the security controls in place, and what networks are able to query each server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-13050 DNS0160 SV-13618r1_rule ECSC-1 Low
Description
Without current and accurate documentation, any changes to the network infrastructure may jeopardize the network’s integrity. To assist in the management, auditing, and security of the network, facility drawings and topology maps are a necessity; and those addressing critical network assets, such as the DNS server, are especially important. Topology maps (documentation) are important because they show the overall layout of the network infrastructure and where devices are physically located. They also show the relationship and inter-connectivity between devices and where possible intrusive attacks (wire taps) could take place. Additionally, documentation along with diagrams of the network topology are required to be submitted to the Connection Approval Process (CAP) for approval to connect to the NIPRNet or SIPRNet. Depending on the command, service, or activity, additional approval may be required.
STIG Date
DNS Policy 2013-07-08

Details

Check Text ( C-7861r1_chk )
Interview the IAO or SA and ask to see the DNS architecture documentation to include roles for each server, security controls, and the list of networks that are able to query the DNS server.
Fix Text (F-11159r1_fix)
Document the DNS architecture to include the location, function, role, and security controls for all DNS servers.