STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS server must implement NIST FIPS-validated cryptography for provisioning digital signatures, generating cryptographic hashes, and protecting unclassified information requiring confidentiality.

DISA Rule

SV-69161r1_rule

Vulnerability Number

V-54915

Group Title

SRG-APP-000514-DNS-000075

Rule Version

SRG-APP-000514-DNS-000075

Severity

CAT II

CCI(s)

CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

Fix Recommendation

Configure the DNS implementation to use NIST FIPS-validated cryptography for provisioning digital signatures, generating cryptographic hashes, and protecting unclassified information requiring confidentiality.

Check Contents

Review the DNS implementation and configuration files to ensure FIPS-validated cryptography is being used when provisioning digital signatures, generating cryptographic hashes, and protecting unclassified information that requires confidentiality.

If the DNS configuration does not use FIPS-validated cryptography, this is a finding.

The DNS server must implement NIST FIPS-validated cryptography for provisioning digital signatures, generating cryptographic hashes, and protecting unclassified information requiring confidentiality.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments