Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34266 | SRG-NET-000308-DNS-000170 | SV-44745r1_rule | | Medium |
Description |
---|
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation and NSA approval provide assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. Similarly, NSA approval of cryptography for classified data and applications is a strict requirement. |
STIG | Date |
---|---|
Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Check Text (C-42250r1_chk) |
---|
Review the DNS implementation against the NIST Cryptographic Algorithm Validation Program (CAVP) product lists to determine if FIPS 140-2 validated cryptography is utilized to implement digital signatures. If FIPS 140-2 validated cryptography is not used, this is a finding. |
Fix Text (F-38197r1_fix) |
---|
Ensure the DNS implementation employs FIPS-validated cryptography to implement digital signatures. |