The DNS implementation must display an approved banner to the user and it must remain on the screen until the user takes explicit actions to log on.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33935 | SRG-NET-000042-DNS-000023 | SV-44388r1_rule | Medium |
| Description |
|---|
| The DNS implementation is required to display a DoD approved warning banner until the user performs an explicit action to log onto the server. The banner must warn any unauthorized user not to proceed. It must also provide clear and unequivocal notice to both authorized and unauthorized personnel that access to the device is subject to monitoring to detect unauthorized usage. Failure to display the required login warning banner prior to log on attempts will limit the ability to prosecute unauthorized access and also presents the potential to give rise to criminal and civil liability for systems administrators and information systems managers. In addition, DoD's ability to monitor the device's usage is limited unless a proper warning banner is displayed. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-41944r1_chk ) |
|---|
| Review the initial logon screen for the DNS system to determine if the approved DoD login banner is displayed and retained on the system until the user performs an explicit action. If a warning banner is not displayed and retained prior to allowing user access to DNS server, this is a finding. |
| Fix Text (F-37848r1_fix) |
|---|
| Configure the DNS system to display the approved DoD Login Banner until the user performs an explicit action to log on the server. |