Check: DNS0120
DNS Policy: DNS0120 (in version v4 r1.2)
Title
A list of personnel authorized to administer each zone and name server is not maintained. (Cat III impact)
Discussion
If an organization does not document who is responsible for the DNS function, then there is a significant potential that unauthorized individuals will obtain privileged access to name servers. During a security breach, it will be difficult to assign accountability for improper transactions if it is not known who is responsible for this function.
Check Content
If the site POC cannot produce a list of personnel authorized to administer each zone and name server, then this is a finding.
Fix Text
The IAO must create and maintain a list of authorized DNS administrators for each zone and name server under the IAO's scope of responsibility.
Additional Identifiers
Rule ID: SV-13604r3_rule
Vulnerability ID: V-13036
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |