
The DNS server implementation must provide automated mechanisms for supporting account management functions.


Overview

Finding ID: SRG-APP-000023-DNS-000002
Version: SRG-APP-000023-DNS-000002
Rule ID: SRG-APP-000023-DNS-000002_rule
IA Controls:
Severity: Medium
Description
As most accounts in the domain name system are privileged or system-level accounts, account management and distribution is vital to the security of the DNS implementation and infrastructure. If an attacker compromises an account, the entire DNS infrastructure is at risk. Providing automated support functions for the management of accounts will ensure only active accounts will be granted access with the proper authorization levels. As accounts are created or terminated and privilege levels are updated, the DNS implementation must be configured such that it automatically recognizes and supports this activity and immediately enforces the current account policy. DNS applications do not use specific accounts other than for administrative purposes.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2014-07-11

Details

Check Text (C-SRG-APP-000023-DNS-000002_chk)
Review the DNS system to ensure automated support for account management functions is present. If the account management function is not capable of supporting account management automation, this is a finding.
Fix Text (F-SRG-APP-000023-DNS-000002_fix)
Configure the DNS system to provide support for automated account management functions.

The account management functions will be performed by the DNS application if the capability exists. If the capability does not exist, the underlying platform's account management system may be used.