A list of personnel authorized to administer each zone and name server is not maintained.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13036 | DNS0120 | SV-13604r1_rule | ECPA-1 | Low |
| Description |
|---|
| If an organization does not document who is responsible for the DNS function, then there is a significant potential that unauthorized individuals will obtain privileged access to name servers. During a security breach, it will be difficult to assign accountability for improper transactions if it is not known who is responsible for this function. |
| STIG | Date |
|---|---|
| DNS Policy | 2015-12-29 |
Details
| Check Text ( C-3358r1_chk ) |
|---|
| If the site POC cannot produce a list of personnel authorized to administer each zone and name server, then this is a finding. |
| Fix Text (F-4340r1_fix) |
|---|
| The IAO must create and maintain a list of authorized DNS administrators for each zone and name server under the IAOs scope of responsibility. |