The DNS implementation must monitor for irregular usage of administrative user accounts.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33851	SRG-NET-000013-DNS-000014	SV-44304r1_rule		Medium

Description
Atypical account usage is behavior that is not part of normal usage cycles. For example, large amounts of user account activity occurring after hours or on weekends. A comprehensive account management process will ensure an audit trail, which documents the use of application user accounts and as required, notifies administrators and/or application owners, exists. Such a process greatly reduces the risk that compromised administrative user accounts will continue to be used by unauthorized persons and provides logging that can be used for forensic purposes.

Description

Atypical account usage is behavior that is not part of normal usage cycles. For example, large amounts of user account activity occurring after hours or on weekends. A comprehensive account management process will ensure an audit trail, which documents the use of application user accounts and as required, notifies administrators and/or application owners, exists. Such a process greatly reduces the risk that compromised administrative user accounts will continue to be used by unauthorized persons and provides logging that can be used for forensic purposes.

STIG	Date
Domain Name System (DNS) Security Requirements Guide	2012-10-24

Details

Check Text ( C-41908r1_chk )
Review the DNS audit configuration to determine if an audit log is generated that includes account usage. If the DNS audit configuration parameters are set to values outside of normal usage as determined by the configuration management plan, this is a finding.

Fix Text (F-37781r1_fix)
Configure the DNS server to monitor for irregular usage of administrative user accounts.