UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS implementation must prevent access to organization defined security-relevant information except during secure non-operable system states.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34247 SRG-NET-000279-DNS-000158 SV-44726r1_rule Medium
Description
Security-relevant information is any information within the information system that can potentially impact the operation of security functions in a manner possibly resulting in failure to enforce the system security policy or maintain isolation of code and data. Organizations may define specific security relevant information requiring protection, however, cryptographic key management information, key configuration parameters for security services, and access control lists are examples of security relevant information relevant to DNS. Secure, non-operable system states are states in which the information system is not performing mission/business-related processing (e.g., the system is off-line for maintenance, troubleshooting, boot-up, shutdown). Access to these types of data is to be prevented unless the system is in a maintenance mode or has otherwise been brought off-line. The goal is to minimize the potential a security configuration or data may be dynamically and perhaps, surreptitiously overwritten or changed (without going through a formal system change process that can document the changes). Access to this type of security information could potentially degrade the security of the authentication and confidentiality of the DNS data and processes.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text ( C-42231r1_chk )
Review the DNS system configuration to determine if cryptographic key information and/or key configuration parameters for security services are accessible during operable system states. If these services are available during operable states, this is a finding.
Fix Text (F-38178r1_fix)
Configure the DNS system to secure cryptographic key information and key configuration parameters and services during operable system states.