UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS implementation must have the capability to produce audit records on hardware-enforced write-once media.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34046 SRG-NET-000104-DNS-000058 SV-44499r1_rule Medium
Description
It is imperative the audit data collected from DNS elements is secured and stored on write-once media for longevity of the records and to ensure it is not disposed of improperly, or overwritten. If audit data is not written to a secure media form, the potential for loss of the data increases and future forensic analysis could be jeopardized. The protection of audit records from unauthorized or accidental deletion or modification requires that information systems be able to produce audit records on hardware-enforced write-once media.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text ( C-42013r1_chk )
Review DNS implementation documentation to determine whether the DNS system is capable of writing audit records on hardware-enforced write-once media. If the DNS does not have the capability to write audit records to hardware-enforced write-once media, such as a DVD-R or CD-R, or if the ability is restricted, this is a finding.
Fix Text (F-37961r1_fix)
Implement a DNS product which has the capability to produce audit records on hardware-enforced write-once media.