The DNS implementation must employ FIPS-validated cryptography to implement digital signatures.


Overview

Finding ID: V-34266
Version: SRG-NET-000308-DNS-000170
Rule ID: SV-44745r1_rule
IA Controls: (none listed)
Severity: Medium
Description
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation and NSA approval provide assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. Similarly, NSA approval of cryptography for classified data and applications is a strict requirement.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42250r1_chk)
Review the DNS implementation against the NIST Cryptographic Algorithm Validation Program (CAVP) product lists to determine if FIPS 140-2 validated cryptography is utilized to implement digital signatures. If FIPS 140-2 validated cryptography is not used, this is a finding.
Fix Text (F-38197r1_fix)
Ensure the DNS implementation employs FIPS-validated cryptography to implement digital signatures.