STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS server implementation must restrict the ability of individuals to use the DNS server to launch Denial of Service (DoS) attacks against other information systems.

DISA Rule

SV-69085r1_rule

Vulnerability Number

V-54839

Group Title

SRG-APP-000246-DNS-000035

Rule Version

SRG-APP-000246-DNS-000035

Severity

CAT II

CCI(s)

• CCI-001094 - The information system restricts the ability of individuals to launch organization-defined denial of service attacks against other information systems.

Weight

10

Fix Recommendation

Configure the DNS system to restrict the ability of users or other systems to launch Denial of Service (DoS) attacks from the DNS system.

Check Contents

Review the DNS server implementation documentation and system settings to determine if the system restricts the ability of users or systems to launch Denial of Service (DoS) attacks against other information systems or networks from the DNS server.

If the DNS system is not configured to restrict this ability, this is a finding.

Vulnerability Number

V-54839

Documentable

False

Rule Version

SRG-APP-000246-DNS-000035

Severity Override Guidance

Review the DNS server implementation documentation and system settings to determine if the system restricts the ability of users or systems to launch Denial of Service (DoS) attacks against other information systems or networks from the DNS server.

If the DNS system is not configured to restrict this ability, this is a finding.

Check Content Reference

M

Target Key

2355

Comments