UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS implementation must provide notification of failed automated security tests.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34234 SRG-NET-000269-DNS-000148 SV-44713r1_rule Low
Description
The need to verify security functionality is necessary to ensure the DNS implementation is behaving as expected and the element's defenses are enabled. To scale the deployment of the verification process, the DNS systems must provide automated support for the management of distributed security testing. Without testing of the security controls across the architecture, the DNS infrastructure (e.g., cache) could be compromised without knowledge of the administrators. As DNS itself is a distributed system of components, security testing of the elements within the architecture is crucial to maintaining integrity of the entire infrastructure. Upon detection of a failure of an automated security self-test, the DNS element must respond in accordance with organization defined responses and alternative actions. Without taking any self-healing actions or notifying an administrator, the defense of the system and the network is potentially vulnerable and the risk is not identified.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text ( C-42218r1_chk )
Review the DNS implementation and vendor documentation to determine if the DNS is configured to provide notification of failed automated security tests. If the capability exists, and the DNS is not configured to provide notification of failed automated security tests, this is a finding.
Fix Text (F-38165r1_fix)
Configure the DNS implementation to provide notification of failed automated security tests.