The DNS implementation must fail to an organization defined known-state for organization defined types of failures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34201 | SRG-NET-000235-DNS-000142 | SV-44677r1_rule | Medium |
| Description |
|---|
| Failure in a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Failure in a known safe state helps prevent systems from failing to a state that may cause loss of data or unauthorized access to system resources. DNS systems that fail suddenly and with no incorporated failure state planning may leave the hosting system available but with a reduced security protection capability. Preserving information system state information also facilitates system restart and return to the operational mode of the organization with less disruption of mission/business processes. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-42182r1_chk ) |
|---|
| Review the DNS vendor documentation and configuration to determine if the DNS will fail in a secure state. Determine if security subsystems are enabled upon failure and restart. If the system does not fail in a secure state (as determined by organizational policy), this is a finding. |
| Fix Text (F-38131r1_fix) |
|---|
| Ensure the DNS implementation is configured or designed to fail in a secure state as determined by organizational policy. |