STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS server implementation must be configured to generate audit records for failed security verification tests so that the ISSO and ISSM can be notified of the failures.

DISA Rule

SV-69091r1_rule

Vulnerability Number

V-54845

Group Title

SRG-APP-000275-DNS-000040

Rule Version

SRG-APP-000275-DNS-000040

Severity

CAT II

CCI(s)

• CCI-001294 - The information system notifies organization-defined personnel or roles of failed security verification tests.

Weight

10

Fix Recommendation

Configure the DNS server to generate audit records for failed security verification tests so that the ISSO and ISSM can be notified of the failures.

Check Contents

Review the DNS server implementation configuration to determine if the DNS server is configured to generate audit records for failed security verification tests so that the ISSO and ISSM can be notified of the failures. If the DNS server is not configured to generate such audit records, this is a finding.

Vulnerability Number

V-54845

Documentable

False

Rule Version

SRG-APP-000275-DNS-000040

Severity Override Guidance

Review the DNS server implementation configuration to determine if the DNS server is configured to generate audit records for failed security verification tests so that the ISSO and ISSM can be notified of the failures. If the DNS server is not configured to generate such audit records, this is a finding.

Check Content Reference

M

Target Key

2355

Comments