The SA has not subscribed to ISC's mailing list "bind announce" for updates on vulnerabilities and software notifications.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13052 | DNS0190 | SV-13620r1_rule | VIVM-1 | Low |
| Description |
|---|
| Whether running the latest version or software or an earlier version, the administrator should be aware of the vulnerabilities, exploits, security fixes, and patches for the version that is in operation in the enterprise. |
| STIG | Date |
|---|---|
| DNS Policy | 2013-07-08 |
Details
| Check Text ( C-8508r1_chk ) |
|---|
| If the site is using BIND, interview the SA to determine if they have subscribed to ISC’s mailing list called “bind-announce” (information on the Internet at ttp://www.isc.org/sw/bind/bind-lists.php) for vulnerabilities and software notifications.Note: This check only applies to Windows and Unix systems running BIND. It should be marked Not Applicable for those not running BIND. If the site is using BIND, interview the SA to determine if they have subscribed to ISC’s mailing list called “bind-announce” (information on the Internet at http://www.isc.org/sw/bind/bind-lists.php) for vulnerabilities and software notifications. |
| Fix Text (F-11675r1_fix) |
|---|
| If BIND is utilized, the SA will subscribe to ISC’s mailing list called “bind-announce” (information on the Internet at http://www.isc.org/sw/bind/bind-lists.php) for vulnerabilities and software notifications. |