Check: SRG-APP-000473-DNS-000072
Domain Name System (DNS) SRG:
SRG-APP-000473-DNS-000072
(in versions v3 r2 through v2 r4)
Title
The DNS server implementation must perform verification of the correct operation of security functions: upon system start-up and/or restart; upon command by a user with privileged access; and/or every 30 days. (Cat II impact)
Discussion
Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters. Without verification, security functions may not operate correctly and this failure may go unnoticed. Notifications provided by information systems include, for example, electronic alerts to system administrators, messages to local computer consoles, and/or hardware indications, such as lights. The DNS server should perform self-tests, such as at server start-up, to confirm that its security functions are working properly.
Check Content
Review the DNS server implementation configuration to determine if the DNS server performs verification of the correct operation of security functions: upon system start-up and/or restart; upon command by a user with privileged access; and/or every 30 days. If the DNS server does not perform this verification when needed, this is a finding.
Fix Text
Configure the DNS server to perform verification of the correct operation of security functions: upon system start-up and/or restart; upon command by a user with privileged access; and/or every 30 days.
Additional Identifiers
Rule ID: SV-205222r879844_rule
Vulnerability ID: V-205222
Group Title: SRG-APP-000473
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002699 |
The information system performs verification of the correct operation of organization-defined security functions: when the system is in an organization-defined transitional state; upon command by a user with appropriate privileges; and/or on an organization-defined frequency. |
Controls
Number | Title |
---|---|
SI-6 |
Security Function Verification |