UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network element must provide additional data origin and integrity artifacts along with the authoritative data the system returns in response to name/address resolution queries.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000311-FW-NA SRG-NET-000311-FW-NA SRG-NET-000311-FW-NA_rule Medium
Description
Per most sources, and NIST in particular, the underlying feature in the major threat associated with DNS forged responses or failures, is the integrity of the DNS data returned in the response. The principle of DNSSEC is to mitigate this threat by providing data origin authentication, establishing trust in the source. This control enables remote clients to obtain origin authentication and integrity verification assurances for the host/service name to network address resolution information obtained through the service. The DNS security controls are consistent with, and referenced from, OMB Memorandum 08-23. This requirement would only be applicable to a DNS Server.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000311-FW-NA_chk )
This requirement is NA for firewall. No fix required.
Fix Text (F-SRG-NET-000311-FW-NA_fix)
This requirement is NA for firewall. No fix required.