Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34046 | SRG-NET-000104-DNS-000058 | SV-44499r1_rule | | Medium |
Description |
---|
It is imperative that the audit data collected from DNS elements be secured and stored on write-once media for longevity of the records and to ensure it is not improperly disposed of or overwritten. If audit data is not written to a secure form of media, the potential for loss of the data increases and future forensic analysis could be jeopardized. The protection of audit records from unauthorized or accidental deletion or modification requires that information systems be able to produce audit records on hardware-enforced write-once media. |
STIG | Date |
---|---|
Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Check Text (C-42013r1_chk) |
---|
Review DNS implementation documentation to determine whether the DNS system is capable of writing audit records on hardware-enforced write-once media. If the DNS does not have the capability to write audit records to hardware-enforced write-once media, such as a DVD-R or CD-R, or if the ability is restricted, this is a finding. |
Fix Text (F-37961r1_fix) |
---|
Implement a DNS product which has the capability to produce audit records on hardware-enforced write-once media. |