The DNS implementation must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34205	SRG-NET-000239-DNS-000145	SV-44681r1_rule		Medium

Description
This requirement is intended to address the confidentiality and integrity of system information at rest when it is located on a secondary storage device within the DNS element. It is imperative that system data that is generated, as well as device configuration data, is protected. If system information is not adequately protected, the confidentiality of the data cannot be guaranteed and may be disclosed to unauthorized individuals.

Description

This requirement is intended to address the confidentiality and integrity of system information at rest when it is located on a secondary storage device within the DNS element. It is imperative that system data that is generated, as well as device configuration data, is protected. If system information is not adequately protected, the confidentiality of the data cannot be guaranteed and may be disclosed to unauthorized individuals.

STIG	Date
Domain Name System (DNS) Security Requirements Guide	2012-10-24

Details

Check Text ( C-42186r1_chk )
Review the DNS implementation and configuration settings to determine if cryptographic mechanisms are employed to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures. If system information is not adequately protected via encryption, this is a finding.

Fix Text (F-38135r1_fix)
Ensure the DNS implementation employs cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures.