The DNS implementation must employ FIPS-validated cryptography to implement digital signatures.


Overview

Finding ID: SRG-APP-000516-DNS-000098
Version: SRG-APP-000516-DNS-000098
Rule ID: SRG-APP-000516-DNS-000098_rule
IA Controls:
Severity: Medium
Description
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation and NSA approval provide assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. Similarly, NSA approval of cryptography for classified data and applications is a strict requirement.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2014-07-11

Details

Check Text (C-SRG-APP-000516-DNS-000098_chk)
Review the DNS implementation against the NIST Cryptographic Algorithm Validation Program (CAVP) product lists to determine if FIPS 140-2 validated cryptography is utilized to implement digital signatures. If FIPS 140-2 validated cryptography is not used, this is a finding.
Fix Text (F-SRG-APP-000516-DNS-000098_fix)
Configure the DNS implementation to employ FIPS-validated cryptography to implement digital signatures.