Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-APP-000516-DNS-000098 | SRG-APP-000516-DNS-000098 | SRG-APP-000516-DNS-000098_rule | | Medium |
Description |
---|
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation and NSA approval provide assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. Similarly, NSA approval of cryptography for classified data and applications is a strict requirement. |
STIG | Date |
---|---|
Domain Name System (DNS) Security Requirements Guide | 2014-07-11 |
Check Text (C-SRG-APP-000516-DNS-000098_chk) |
---|
Review the DNS implementation against the NIST Cryptographic Algorithm Validation Program (CAVP) product lists to determine if FIPS 140-2 validated cryptography is utilized to implement digital signatures. If FIPS 140-2 validated cryptography is not used, this is a finding. |
Fix Text (F-SRG-APP-000516-DNS-000098_fix) |
---|
Configure the DNS implementation to employ FIPS-validated cryptography to implement digital signatures. |