UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS implementation must employ FIPS-validated cryptography to implement digital signatures.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34266 SRG-NET-000308-DNS-000170 SV-44745r1_rule Medium
Description
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation and NSA approval provides assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. Similarly, NSA approval of cryptography for classified data and applications is a strict requirement.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text ( C-42250r1_chk )
Review the DNS implementation against the NIST Cryptographic Algorithm Validation Program (CAVP) product lists to determine if FIPS 140-2 validated cryptography is utilized to implement digital signatures. If FIPS 140-2 validated cryptography is not used, this is a finding.
Fix Text (F-38197r1_fix)
Ensure the DNS implementation employs FIPS-validated cryptography to implement digital signatures.