Title

The DNS server implementation must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information. (Cat II impact)

Discussion

Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and personally identifiable information. Audit logging tools are those programs and devices used to conduct system audit and logging activities. Protection of audit information focuses on technical protection and limits the ability to access and execute audit logging tools to authorized individuals. Physical protection of audit information is addressed by both media protection controls and physical and environmental protection controls.

Check Content

Verify the DNS server implementation is configured to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information. If the DNS server implementation is not configured to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information, this is a finding.

Fix Text

Configure the DNS server implementation to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.

Additional Identifiers

Rule ID: SV-263626r982517_rule

Vulnerability ID: V-263626

Group Title: SRG-APP-000795

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.