The DNS server implementation's audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-205167 | SRG-APP-000125-DNS-000012 | SV-205167r960948_rule | CCI-001348 | medium |
Description
Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on a defined frequency helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions.
| STIG | Date |
| Domain Name System (DNS) Security Requirements Guide | 2024-07-02 |
Related Frameworks
2 paths across 2 frameworks
NIST 800-53 · 1 mapping
AU-9(2)
1.00
- DISA · 4 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI · 1 mapping
CCI-001348
1.00
- DISA · 4 · disa_xccdf · related
Details
Check Text (C-205167r960948_chk)
Review the DNS system configuration to determine if audit record content is sent to a centralized audit log repository, either directly by the DNS system or by the underlying O/S.
If the DNS system is not configured to support centralized logging and auditing, this is a finding.
Fix Text (F-5434r392418_fix)
Configure the DNS server or the underlying O/S to send audit log content to a centralized logging facility.