
The DNS implementation must provide automated support for the management of distributed security testing.


Overview

Finding ID: V-34235
Version: SRG-NET-000270-DNS-000149
Rule ID: SV-44714r1_rule
IA Controls:
Severity: Medium
Description
Verifying security functionality is necessary to ensure the DNS implementation is behaving as expected and the element's defenses are enabled. To scale the deployment of the verification process, the DNS systems must provide automated support for the management of distributed security testing. Without testing of the security controls across the architecture, the DNS infrastructure (e.g., cache) could be compromised without the administrators' knowledge. As DNS itself is a distributed system of components, security testing of the elements within the architecture is important to maintaining the integrity of the entire infrastructure.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42219r1_chk)
Review the DNS implementation and vendor documentation to determine if the capability exists to provide automated support for the management of distributed security testing. If there is no support for this effort, this is a finding.
Fix Text (F-38166r1_fix)
Configure the DNS implementation to provide automated support for the management of distributed security testing.