The DNS server implementation must disable accounts when the accounts have expired.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-263623 | SRG-APP-000700-DNS-000100 | SV-263623r982513_rule | CCI-003627 | medium |
| Description | ||||
| Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality, which reduce the attack surface of the system. | ||||
| STIG | Date | |||
| Domain Name System (DNS) Security Requirements Guide | 2024-07-02 | |||
Details
Check Text (C-263623r982513_chk)
Verify the DNS server implementation is configured to disable accounts when the accounts have expired.
If the DNS server implementation is not configured to disable accounts when the accounts have expired, this is a finding.
Fix Text (F-67431r982030_fix)
Configure the DNS server implementation to disable accounts when the accounts have expired.