Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34235 | SRG-NET-000270-DNS-000149 | SV-44714r1_rule | | Medium |
Description |
---|
Verifying security functionality is necessary to ensure the DNS implementation is behaving as expected and the element's defenses are enabled. To scale the deployment of the verification process, the DNS systems must provide automated support for the management of distributed security testing. Without testing of the security controls across the architecture, the DNS infrastructure (e.g., cache) could be compromised without the administrators' knowledge. Because DNS itself is a distributed system of components, security testing of the elements within the architecture is important to maintaining the integrity of the entire infrastructure. |
STIG | Date |
---|---|
Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Check Text (C-42219r1_chk) |
---|
Review the DNS implementation and vendor documentation to determine if the capability exists to provide automated support for the management of distributed security testing. If there is no support for this effort, this is a finding. |
Fix Text (F-38166r1_fix) |
---|
Configure the DNS implementation to provide automated support for the management of distributed security testing. |