STIGQter: STIG Summary: Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Windows 2012 DNS Servers audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.

DISA Rule

SV-215660r561297_rule

Vulnerability Number

V-215660

Group Title

SRG-APP-000125-DNS-000012

Rule Version

WDNS-AU-000016

Severity

CAT II

CCI(s)

• CCI-001348 - The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.

Weight

10

Fix Recommendation

Document and implement a backup policy to back up the DNS Server's audit records at least every seven days.

Check Contents

Consult with the System Administrator to determine the backup policy in place for Windows DNS Server.

Review the backup methods used and determine if the backup's methods have been successful at backing up the audit records at least every seven days.

If the organization does not have a backup policy in place for backing up the Windows DNS Server's audit records and/or the backup methods have not been successful at backing up the audit records at least every seven days, this is a finding.

Vulnerability Number

V-215660

Documentable

False

Rule Version

WDNS-AU-000016

Severity Override Guidance

Consult with the System Administrator to determine the backup policy in place for Windows DNS Server.

Review the backup methods used and determine if the backup's methods have been successful at backing up the audit records at least every seven days.

If the organization does not have a backup policy in place for backing up the Windows DNS Server's audit records and/or the backup methods have not been successful at backing up the audit records at least every seven days, this is a finding.

Check Content Reference

M

Target Key

4016

Comments