STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS implementation must enforce a Discretionary Access Control (DAC) policy that limits propagation of access rights.

DISA Rule

SV-69189r1_rule

Vulnerability Number

V-54943

Group Title

SRG-APP-000516-DNS-000099

Rule Version

SRG-APP-000516-DNS-000099

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the DNS implementation to eliminate access rights propagation.

Check Contents

Review the DNS configuration and access control structure to determine if DACs are in place to limit the propagation of rights as determined by the organization. Access control lists for user permissions, as well as zone transfers and updates, must be present. If they are not present, this is a finding.

Vulnerability Number

V-54943

Documentable

False

Rule Version

SRG-APP-000516-DNS-000099

Severity Override Guidance

Review the DNS configuration and access control structure to determine if DACs are in place to limit the propagation of rights as determined by the organization. Access control lists for user permissions, as well as zone transfers and updates, must be present. If they are not present, this is a finding.

Check Content Reference

M

Target Key

2355

Comments