
The DNS implementation must implement separation of duties through assigned information system access authorizations.


Overview

Finding ID: V-33927
Version: SRG-NET-000034-DNS-000018
Rule ID: SV-44380r1_rule
IA Controls:
Severity: Medium
Description
Separation of duties supports the management of individual accountability and reduces the power of any one individual or administrative account. For example, separation of duties within the DNS implementation may be accomplished by allowing only the DNS administrator to manage the DNS platform and associated configuration files, while that administrator is not a member of the "auditors" group. Employing a separation of duties model reduces the threat that one individual has both the authority to make changes to a system and the authority to delete any record of those changes.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-41936r1_chk)
Review the DNS system configuration to ensure privileged users are assigned only those permissions needed to perform their express functions. Determine if auditors, backup operators, DNS administrators, and security personnel have separate accounts with only the permissions required to support their role. If separate accounts are not present for different functions, this is a finding.
Fix Text (F-37840r1_fix)
Configure the DNS system to use the separation of duties model and require separate accounts based on required need and function.
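
One way to automate the account review in the Check Text on a Unix-like DNS host, as an added example that is not part of the STIG: it reads passwd(5) and group(5) formatted text, reports accounts that hold more than one role, and lists roles with no account for follow-up. The role-to-group mapping, group names and sample accounts are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed role-to-group mapping; these group names are hypothetical.
ROLE_GROUPS = {
    "dns_admin": {"named-admin"},
    "auditor": {"auditors"},
    "backup": {"backup"},
    "security": {"secops"},
}

# Constructed sample data in passwd(5) and group(5) format.
SAMPLE_PASSWD = """\
alice:x:1001:2001::/home/alice:/bin/bash
bob:x:1002:2002::/home/bob:/bin/bash
carol:x:1003:2003::/home/carol:/bin/bash
dave:x:1004:2002::/home/dave:/bin/bash
"""
SAMPLE_GROUP = """\
named-admin:x:2001:dave
auditors:x:2002:bob
backup:x:2003:
secops:x:2004:
"""

def account_roles(passwd_text, group_text, role_groups=ROLE_GROUPS):
    """Map each account to the roles it holds via primary or supplementary groups."""
    group_role = {g: role for role, groups in role_groups.items() for g in groups}
    gid_name, roles = {}, defaultdict(set)
    for line in filter(str.strip, group_text.splitlines()):
        name, _pw, gid, members = line.strip().split(":", 3)
        gid_name[gid] = name
        if name in group_role:  # supplementary members listed in group(5)
            for user in filter(None, (m.strip() for m in members.split(","))):
                roles[user].add(group_role[name])
    for line in filter(str.strip, passwd_text.splitlines()):
        fields = line.strip().split(":")
        group = gid_name.get(fields[3])  # primary group comes from passwd(5)
        if group in group_role:
            roles[fields[0]].add(group_role[group])
    return dict(roles)

def review(passwd_text, group_text, role_groups=ROLE_GROUPS):
    """Return (accounts holding several roles, roles with no account)."""
    roles = account_roles(passwd_text, group_text, role_groups)
    shared = {user: sorted(r) for user, r in roles.items() if len(r) > 1}
    staffed = set().union(*roles.values())
    return shared, sorted(set(role_groups) - staffed)

if __name__ == "__main__":
    print(review(SAMPLE_PASSWD, SAMPLE_GROUP))
```

In the sample data, dave reaches the auditor role through his primary group and the DNS administrator role through a supplementary group, which a review of the group file alone would miss.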