The DNS implementation must support organizational requirements to ensure individuals are authenticated with an individual authenticator prior to using a group authenticator.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34094 | SRG-NET-000143-DNS-000084 | SV-44547r1_rule | Medium |
| Description |
|---|
| To assure individual accountability and prevent unauthorized access, DNS administrators and users (and any processes acting on behalf of users) must be individually identified and authenticated. Without individual accountability, there can be no traceability back to an individual if there were a security incident on the system. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-42053r1_chk ) |
|---|
| Review the DNS system account management configuration and settings to determine if all individuals authorized access to the system have an individual account and that account is required to gain access to the system prior to the use of a group account. If group authentication does not require prior individual authentication, this is a finding. |
| Fix Text (F-38004r1_fix) |
|---|
| Configure the DNS system to require individuals to authenticate with an individual authenticator prior to using a group authenticator. The account management functions will be performed by the DNS application if the capability exists. If the capability does not exist the underlying platform's account management system may be used. |