STIGQter: STIG Summary: Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

The Windows 2012 DNS Server must protect secret/private cryptographic keys while at rest.

DISA Rule

SV-215630r561297_rule

Vulnerability Number

V-215630

Group Title

SRG-APP-000231-DNS-000033

Rule Version

WDNS-SC-000024

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To ensure the cryptographic keys are protected after being backed up to tape or other medium, develop a backup policy that requires backup data to be protected at or above the same level as the DNS server itself.

Check Contents

To ensure the cryptographic keys are protected after being backed up to another medium (tape, disk, SAN, etc.), consult with the System Administrator to determine the backup policy in place for the DNS Server.

Determine how and where backed up data is being stored.

Verify the backup medium is secured to the same level as, or higher than, the server itself.

If a backup policy does not exist or the backup policy does not specify that the backup medium must be protected at or above the same level as the server, this is a finding.

Documentable

False

Severity Override Guidance

To ensure the cryptographic keys are protected after being backed up to another medium (tape, disk, SAN, etc.), consult with the System Administrator to determine the backup policy in place for the DNS Server.

Determine how and where backed up data is being stored.

Verify the backup medium is secured to the same level as, or higher than, the server itself.

If a backup policy does not exist or the backup policy does not specify that the backup medium must be protected at or above the same level as the server, this is a finding.

Check Content Reference

M

Target Key

4016
