STIGQter: STIG Summary: Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide, Version: 1, Release: 13, Benchmark Date: 24 Jan 2020: The Windows 2012 DNS Server must protect secret/private cryptographic keys while at rest.

DISA Rule

SV-73123r4_rule

Vulnerability Number

V-58693

Group Title

SRG-APP-000231-DNS-000033

Rule Version

WDNS-SC-000024

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To ensure the cryptographic keys are protected after being backed up to tape or other medium, develop a backup policy that requires backup data to be protected at or above the same level as the DNS server itself.

Check Contents

To ensure the cryptographic keys are protected after being backed up to another medium (tape, disk, SAN, etc.), consult with the System Administrator to determine the backup policy in place for the DNS Server.

Determine how and where backed up data is being stored.

Verify the protection of the backup medium is secured to the same level, or higher, as the server itself.

If a backup policy does not exist or the backup policy does not specify the protection required for backup medium to be at or above the same level as the server, this is a finding.

Documentable

False

Severity Override Guidance

To ensure the cryptographic keys are protected after being backed up to another medium (tape, disk, SAN, etc.), consult with the System Administrator to determine the backup policy in place for the DNS Server.

Determine how and where backed up data is being stored.

Verify the protection of the backup medium is secured to the same level, or higher, as the server itself.

If a backup policy does not exist or the backup policy does not specify the protection required for backup medium to be at or above the same level as the server, this is a finding.

Check Content Reference

M

Target Key

2771
