
The DNS implementation must be configured to enable automated mechanisms to support auditing of the enforcement actions.


Overview

Finding ID: V-34063
Version: SRG-NET-000120-DNS-000072
Rule ID: SV-44516r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Any changes to the hardware, software, and/or firmware components of the DNS implementation can potentially have significant effects on the overall security of the system. Therefore, only qualified and authorized individuals should be allowed to obtain access to the DNS system components for the purposes of implementing any changes or upgrades. Auditing this information is critical both to the configuration management process and in the event of an intrusion. A system must be configured to enforce certain access restrictions, and those enforcement actions need to be logged as part of the audit process.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text (C-42029r1_chk)
Review the DNS configuration settings to verify automated mechanisms are in place to support the auditing of enforcement actions that are taken against configured access restrictions. If the DNS implementation does not have automated mechanisms in place for supporting the auditing of enforcement actions, this is a finding.
Fix Text (F-37977r1_fix)
Enable automated mechanisms to support auditing of the enforcement actions taken against configured access restrictions.