STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021

The DNS server must implement NIST FIPS-validated cryptography for provisioning digital signatures, generating cryptographic hashes, and protecting unclassified information requiring confidentiality.

DISA Rule

SV-214201r612370_rule

Vulnerability Number

V-214201

Group Title

SRG-APP-000514-DNS-000075

Rule Version

IDNS-7X-000690

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Navigate to Data Management >> DNS >> Grid DNS properties.

Toggle Advanced Mode and click on the "DNSSEC" tab.
Follow manual key rollover procedures and update all non-compliant Key Signing Keys (KSK) and Zone Signing Keys (ZSK) to utilize FIPS-approved algorithms.

Check Contents

Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.

Navigate to Data Management >> DNS >> Grid DNS properties.

Toggle Advanced Mode and click on the "DNSSEC" tab.
Validate that all Key Signing Keys (KSK) and Zone Signing Keys (ZSK) utilize FIPS-approved algorithms.
When complete, click "Cancel" to exit the "Properties" screen.

If non-FIPS-approved algorithms are in use, this is a finding.
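
The same check can be run against the DNSKEY records a zone actually publishes. The script below is an added example, not part of the STIG or of Infoblox tooling: it parses single-line DNSKEY records in zone-file presentation format and flags KSKs and ZSKs whose algorithm is outside an approved set. The approved set, the RSA minimum modulus size (a check that goes beyond the algorithm-only wording above) and the sample records are assumptions constructed for illustration.

```python
import base64

# IANA DNSSEC algorithm numbers (third RDATA field of a DNSKEY record).
ALG_NAMES = {1: "RSAMD5", 3: "DSA", 5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1",
             8: "RSASHA256", 10: "RSASHA512", 13: "ECDSAP256SHA256",
             14: "ECDSAP384SHA384"}
# ASSUMPTION: set treated as FIPS-approved here; confirm against current policy.
APPROVED = {8, 10, 13, 14}
RSA_ALGS = {1, 5, 7, 8, 10}
MIN_RSA_BITS = 2048  # ASSUMPTION: minimum acceptable RSA modulus size

def rsa_modulus_bits(key: bytes) -> int:
    """RFC 3110 layout: exponent length (1 or 3 bytes), exponent, modulus."""
    if key[0] == 0:
        exp_len, off = int.from_bytes(key[1:3], "big"), 3
    else:
        exp_len, off = key[0], 1
    return int.from_bytes(key[off + exp_len:], "big").bit_length()

def audit_dnskeys(zone_text: str) -> list:
    """Return (owner, role, algorithm, reason) for each non-compliant key."""
    findings = []
    for line in zone_text.splitlines():
        f = line.split(";")[0].split()          # drop zone-file comments
        if "DNSKEY" not in f or "RRSIG" in f:   # skip signatures over DNSKEY
            continue
        i = f.index("DNSKEY")
        if len(f) < i + 5:
            continue                            # truncated or multi-line record
        flags, alg = int(f[i + 1]), int(f[i + 3])
        key = base64.b64decode("".join(f[i + 4:]))
        role = "KSK" if flags & 1 else "ZSK"    # SEP bit set marks a KSK
        name = ALG_NAMES.get(alg, f"alg{alg}")
        if alg not in APPROVED:
            findings.append((f[0], role, name, "algorithm not in approved set"))
        elif alg in RSA_ALGS and rsa_modulus_bits(key) < MIN_RSA_BITS:
            findings.append((f[0], role, name, "RSA modulus too short"))
    return findings

def constructed_rsa_key(bits: int) -> str:
    """Constructed placeholder key material (exponent 65537), not a real key."""
    return base64.b64encode(b"\x03\x01\x00\x01" + b"\xc1" * (bits // 8)).decode()

# Constructed sample records: one compliant KSK and two non-compliant ZSKs.
SAMPLE_ZONE = "\n".join([
    f"example.test. 3600 IN DNSKEY 257 3 8 {constructed_rsa_key(2048)}",
    f"example.test. 3600 IN DNSKEY 256 3 5 {constructed_rsa_key(2048)}",
    f"example.test. 3600 IN DNSKEY 256 3 8 {constructed_rsa_key(1024)}",
])

if __name__ == "__main__":
    for finding in audit_dnskeys(SAMPLE_ZONE):
        print(finding)
```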

Documentable

False

Severity Override Guidance

Note: For Infoblox DNS systems on a Classified network, this requirement is Not Applicable.

Navigate to Data Management >> DNS >> Grid DNS properties.

Toggle Advanced Mode and click on the "DNSSEC" tab.
Validate that all Key Signing Keys (KSK) and Zone Signing Keys (ZSK) utilize FIPS-approved algorithms.
When complete, click "Cancel" to exit the "Properties" screen.

If non-FIPS-approved algorithms are in use, this is a finding.

Check Content Reference

M

Target Key

3995
