UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS server implementation must prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.


Overview

Finding ID Version Rule ID IA Controls Severity
V-263628 SRG-APP-000810-DNS-000150 SV-263628r982521_rule Medium
Description
Software and firmware components prevented from installation unless signed with recognized and approved certificates include software and firmware version updates, patches, service packs, device drivers, and basic input/output system updates. Organizations can identify applicable software and firmware components by type, by specific items, or a combination of both. Digital signatures and organizational verification of such signatures is a method of code authentication.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2024-07-02

Details

Check Text ( C-67528r982520_chk )
Verify the DNS server implementation is configured to prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.

If the DNS server implementation is not configured to prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization, this is a finding.
Fix Text (F-67436r982045_fix)
Configure the DNS server implementation to prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.