STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS server implementation, when using PKI-based authentication, must enforce authorized access to the corresponding private key.

DISA Rule

SV-69047r1_rule

Vulnerability Number

V-54801

Group Title

SRG-APP-000176-DNS-000017

Rule Version

SRG-APP-000176-DNS-000017

Severity

CAT II

CCI(s)

• CCI-000186 - The information system, for PKI-based authentication, enforces authorized access to the corresponding private key.

Weight

10

Fix Recommendation

Configure the DNS server to enforce authorized access to the corresponding private key when using PKI-based authentication.

Check Contents

Review the DNS server implementation configuration to determine if the DNS server, when using PKI-based authentication (e.g., SIG(0)), enforces authorized access to the corresponding private key. If the DNS server does not enforce authorized access to the private key, this is a finding.

Vulnerability Number

V-54801

Documentable

False

Rule Version

SRG-APP-000176-DNS-000017

Severity Override Guidance

Review the DNS server implementation configuration to determine if the DNS server, when using PKI-based authentication (e.g., SIG(0)), enforces authorized access to the corresponding private key. If the DNS server does not enforce authorized access to the private key, this is a finding.

Check Content Reference

M

Target Key

2355

Comments