UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS implementation must automatically audit account termination.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33849 SRG-NET-000011-DNS-000012 SV-44302r1_rule Medium
Description
As most accounts in the DNS are privileged or system level accounts, account management and distribution is vital to the security of the DNS implementation and infrastructure. If an attacker compromises an account, the entire DNS infrastructure, not to mention the hosts on the network, is at risk. Authentication for user or administrative access to the system is required at all times. Accounts are utilized for identifying individual application users or for identifying the application processes themselves. When DNS accounts are terminated, user accessibility may be affected. In order to detect and respond to events that affect user accessibility and application processing, applications must audit account termination actions and, as required, notify the appropriate individuals so they can investigate the event to ensure its validity. Such a capability greatly reduces the risk that DNS accessibility will be negatively affected for extended periods of time and also provides auditing capability that can be used for forensic purposes.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text ( C-41906r1_chk )
Review the DNS system and/or configuration files to determine if account termination is audited and an audit record is generated. If there is not a viewable, configurable option, request the administrator terminate an account and view the logs generated to validate the account termination is logged. If account termination is not audited, this is a finding.
Fix Text (F-37779r1_fix)
Configure the DNS system to audit all account termination actions.

Audit functions will be performed by the DNS application if the capability exists. If the capability does not exist the underlying platform's auditing system may be used.