The DNS implementation must isolate security functions enforcing access and information flow control from both non-security functions and from other security functions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34136	SRG-NET-000186-DNS-000113	SV-44589r1_rule		Medium

Description
Application security functionality that performs security tasks, such as enforcing access and information flow control requires additional system privilege and can have a large impact on the security of the DNS application and its data. Rather than allowing the entire application access to this security functionality, DNS implementation developers must isolate these critical functions from non-privileged application functions and other security functions.

Description

Application security functionality that performs security tasks, such as enforcing access and information flow control requires additional system privilege and can have a large impact on the security of the DNS application and its data. Rather than allowing the entire application access to this security functionality, DNS implementation developers must isolate these critical functions from non-privileged application functions and other security functions.

STIG	Date
Domain Name System (DNS) Security Requirements Guide	2012-10-24

Details

Check Text ( C-42096r1_chk )
Review the DNS vendor documentation and configuration settings to determine if security functions enforcing access and information flow control from both non-security functions and from other security function are isolated. If security functions are not isolated, this is a finding.

Fix Text (F-38046r1_fix)
Ensure the DNS implementation isolates security functions enforcing access and information flow control from both non-security functions and from other security functions.