STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS server implementation must implement cryptographic mechanisms to detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).

DISA Rule

SV-69141r1_rule

Vulnerability Number

V-54895

Group Title

SRG-APP-000440-DNS-000065

Rule Version

SRG-APP-000440-DNS-000065

Severity

CAT II

CCI(s)

• CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.

Weight

10

Fix Recommendation

Configure the DNS server to detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution Systems (PDS).

Check Contents

Review the DNS server implementation configuration to determine if the DNS server implements cryptographic mechanisms to detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS). If the DNS server does not implement such cryptographic mechanisms, this is a finding.

Vulnerability Number

V-54895

Documentable

False

Rule Version

SRG-APP-000440-DNS-000065

Severity Override Guidance

Review the DNS server implementation configuration to determine if the DNS server implements cryptographic mechanisms to detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS). If the DNS server does not implement such cryptographic mechanisms, this is a finding.

Check Content Reference

M

Target Key

2355

Comments