
The DNS implementation must back up audit data on an organization-defined frequency onto a different system or media.


Overview

Finding ID: V-34047
Version: SRG-NET-000105-DNS-000059
Rule ID: SV-44500r1_rule
IA Controls:
Severity: Medium
Description
It is imperative that the audit data collected from DNS elements is backed up on a defined frequency onto a different system or media to ensure the longevity, retention, and integrity of the records. If the audit records are not backed up to a different media source, they could be inadvertently modified, deleted, or overwritten. If the data is no longer available and its integrity cannot be guaranteed, future forensic analysis could be jeopardized. Backing up audit records to a different system, or onto media separate from the system being audited, on an organizationally defined frequency helps to ensure that the audit records will be retained in the event of a catastrophic system failure.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42014r1_chk)
Review the DNS backup configuration to determine whether the DNS software backs up the audit data and records, on an organization-defined frequency, onto a different system or media than the system being audited. If the DNS implementation does not back up the audit data to a different system or media on an organization-defined frequency, this is a finding.
Fix Text (F-37962r1_fix)
Configure the DNS to back up all audit data and records to a different system or media on an organization-defined frequency.