Check: DNS0130
DNS Policy: DNS0130
(in versions v4 r1.22 through v4 r1.2)
Title
A patch and DNS software upgrade log, including the identity of the administrator and the date and time each patch or upgrade was implemented, is not maintained. (Cat III impact)
Discussion
DNS software has a history of vulnerabilities, and new ones may be discovered at any time. To ensure that attackers cannot take advantage of known DNS vulnerabilities, applicable software patches and upgrades must be applied. Patch and DNS software upgrade documentation must be maintained to ensure the DNS name servers are protected from these vulnerabilities and are current with required patches and software upgrades.
Check Content
DNS patch and upgrade change records must include the date and time each patch or upgrade to DNS software was implemented, and by whom. The method of verification may be considered weak, but the requirement is merely to document the dates and times of DNS software patches and upgrades. Instruction: If there is no patch and upgrade log, then this is a finding. If there is such a log, then entries must include the date and time of any change as well as the identity of the administrator. Failure to include this information for any entry is a finding.
Fix Text
The SA should establish and maintain a log of the date and time each patch and upgrade to DNS software was implemented.
Additional Identifiers
Rule ID: SV-13605r1_rule
Vulnerability ID: V-13037
Group Title: DNS patch/software log is not maintained.
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |