
The DNS implementation must have the capability to produce audit records on hardware-enforced write-once media.


Overview

Finding ID: V-34046
Version: SRG-NET-000104-DNS-000058
Rule ID: SV-44499r1_rule
IA Controls: (none listed)
Severity: Medium
Description
It is imperative that audit data collected from DNS elements be secured and stored on write-once media, both for longevity of the records and to ensure the data is not improperly disposed of or overwritten. If audit data is not written to a secure form of media, the potential for loss of the data increases and future forensic analysis could be jeopardized. Protecting audit records from unauthorized or accidental deletion or modification requires that information systems be able to produce audit records on hardware-enforced write-once media.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42013r1_chk)
Review DNS implementation documentation to determine whether the DNS system is capable of writing audit records on hardware-enforced write-once media. If the DNS does not have the capability to write audit records to hardware-enforced write-once media, such as a DVD-R or CD-R, or if the ability is restricted, this is a finding.
Fix Text (F-37961r1_fix)
Implement a DNS product which has the capability to produce audit records on hardware-enforced write-once media.