STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The key file must be owned by the account under which the name server software is run.

DISA Rule

SV-69049r1_rule

Vulnerability Number

V-54803

Group Title

SRG-APP-000176-DNS-000018

Rule Version

SRG-APP-000176-DNS-000018

Severity

CAT II

CCI(s)

CCI-000186 - The information system, for PKI-based authentication, enforces authorized access to the corresponding private key.

Weight

Fix Recommendation

Change ownership for the key file to the account under which the name server software is run.

Check Contents

Review the DNS system to determine ownership of the key file and the account under which the name server software is run.

If the key file owner is not the same account as the account under which the name server is run, this is a finding.

Vulnerability Number

V-54803

Documentable

False

Rule Version

SRG-APP-000176-DNS-000018

Severity Override Guidance

Check Content Reference

Target Key

2355

The key file must be owned by the account under which the name server software is run.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments