STIGQter: STIG Summary: BIND 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

A BIND 9.x server implementation must be operating on a Current-Stable version as defined by ISC.

DISA Rule

SV-207533r612253_rule

Vulnerability Number

V-207533

Group Title

SRG-APP-000516-DNS-000097

Rule Version

BIND-9X-001000

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Update the BIND 9.x server to a version that is listed as “Current-Stable” by ISC or latest supported version of BIND when BIND is installed as part of a specific vendor implementation where the vendor maintains the BIND patches.

Check Contents

Verify that the BIND 9.x server is at a version that is considered "Current-Stable" by ISC or latest supported version of BIND when BIND is installed as part of a specific vendor implementation where the vendor maintains the BIND patches.

# named -v

The above command should produce a version number similar to the following:

BIND 9.9.4-RedHat-9.9.4-29.el7_2.3

If the server is running a version that is not listed as "Current-Stable" by ISC, this is a finding.

Vulnerability Number

V-207533

Documentable

False

Rule Version

BIND-9X-001000

Severity Override Guidance

Verify that the BIND 9.x server is at a version that is considered "Current-Stable" by ISC or latest supported version of BIND when BIND is installed as part of a specific vendor implementation where the vendor maintains the BIND patches.

# named -v

The above command should produce a version number similar to the following:

BIND 9.9.4-RedHat-9.9.4-29.el7_2.3

If the server is running a version that is not listed as "Current-Stable" by ISC, this is a finding.

Check Content Reference

M

Target Key

2926

Comments