The DNS implementation must be capable of taking organization defined actions upon audit failure (e.g. overwrite oldest audit records stop generating audit records cease processing notify of audit failure).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33990 | SRG-NET-000089-DNS-000048 | SV-44443r1_rule | Medium |
| Description |
|---|
| Auditing and logging are key components of the DNS architecture. It is essential for security personnel to know what is being performed on the system, where an event occurred, when an event occurred, and by whom the event was triggered, in order to compile an accurate risk assessment and appropriate forensic analysis of the event. It is critical when the DNS is at risk of failing to process audit logs, as required, it takes specific actions (as organizationally defined) to mitigate the failure. If the system were to continue processing without auditing enabled, actions and events can take place on the system that cannot be tracked and recorded for later forensic analysis. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-41994r1_chk ) |
|---|
| Review the DNS system configuration to determine if specific actions, as defined by the organization, are taken when an audit process fails. If specific actions are not taken upon audit failure, this is a finding. |
| Fix Text (F-37905r1_fix) |
|---|
| Configure the DNS system to take specific actions, as defined by the organization, when an audit process fails. |