Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-233906 | IDNS-8X-700001 | SV-233906r621666_rule | High |
Description |
---|
Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. |
STIG | Date |
---|---|
Infoblox 8.x DNS Security Technical Implementation Guide | 2021-01-11 |
Check Text ( C-37091r611238_chk ) |
---|
Note: For Infoblox DNS systems on a classified network, this requirement is Not Applicable. Note: For Infoblox Grids that run in FIPS mode, this requirement is Not Applicable. Refer to the Administrator Guide for more information on FIPS Mode. 1. Navigate to Data Management >> DNS >> Grid DNS properties. 2. Toggle Advanced Mode and click on the "DNSSEC" tab. 3. Validate that all Key Signing Keys (KSKs) and Zone Signing Keys (ZSKs) use FIPS-approved algorithms. 4. When complete, click "Cancel" to exit the "Properties" screen. If non-FIPS-approved algorithms are in use, this is a finding. |
Fix Text (F-37056r611239_fix) |
---|
Note: Ensure DNSSEC is configured to meet all other STIG requirements prior to signing a zone to avoid signing with an unapproved configuration. 1. Navigate to Data Management >> DNS >> Grid DNS properties. 2. Toggle Advanced Mode and click on the "DNSSEC" tab. 3. Configure FIPS-compliant algorithms. 4. Follow manual key rollover procedures and update all non-compliant KSKs and ZSKs to use FIPS-approved algorithms. |