STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Infoblox system must implement cryptographic mechanisms to detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).

DISA Rule

SV-214196r612370_rule

Vulnerability Number

V-214196

Group Title

SRG-APP-000440-DNS-000065

Rule Version

IDNS-7X-000600

Severity

CAT II

CCI(s)

CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.

Weight

Fix Recommendation

Enable DNSSEC is by navigating to Data Management >> DNS >> Grid DNS properties tab.

Toggle Advanced Mode and select the "DNSSEC" tab.
Enable DNSSEC by selecting the check box.
When complete, click "Save & Close" to save the changes and exit the "Properties" screen.

Perform a service restart if necessary.

Check Contents

Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.

Verify that DNSSEC is enabled by navigating to Data Management >> DNS >> Grid DNS Properties tab.

Toggle Advanced Mode and review the "DNSSEC" tab to verify DNSSEC is enabled.
When complete, click "Cancel" to exit the "Properties" screen.

If DNSSEC is not enabled, this is a finding.

The Infoblox system must implement cryptographic mechanisms to detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments