Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34233 | SRG-NET-000268-DNS-000147 | SV-44711r1_rule | | Medium |
Description |
---|
Verifying security functionality is necessary to ensure the DNS defenses are enabled. If anomalies occur and the system does not respond appropriately, a compromise could occur. For those security functions that are not able to execute automated self-tests, the organization either implements compensating security controls or explicitly accepts the risk of not performing the verification as required. Upon detection of security function anomalies or failure of automated self-tests, the DNS system must respond in accordance with organization-defined responses and alternative actions. |
STIG | Date |
---|---|
Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Check Text (C-42217r1_chk) |
---|
Review the DNS configuration to determine whether the system responds to security function anomalies in accordance with organization-defined responses, such as alarming. If the DNS system does not respond to security anomalies, this is a finding. |
Fix Text (F-38164r1_fix) |
---|
Ensure the DNS implementation responds to security function anomalies in accordance with organization-defined responses and alternative actions. |