Title

The application must perform data origin authentication and data integrity verification on all resolution responses received whether or not local client systems explicitly request this service. (Cat II impact)

Discussion

A recursive resolving or caching Domain Name System (DNS) server is an example of an information system providing name/address resolution service for local clients. Authoritative DNS servers are examples of authoritative sources owning DNS data. Information systems using technologies other than the DNS to map between host/service names and network addresses provide other means to enable clients to verify the authenticity and integrity of response data. Rationale for non-applicability: The mobile operating system is responsible for name/address resolution services. If a mobile application were granted the OS privileges necessary to provide name services to other applications, this would enable the name service application to launch a number of IA attacks against other applications.

Check Content

This requirement is NA for the MAPP SRG.

Fix Text

The requirement is NA. No fix is required.

Additional Identifiers

Rule ID: SV-46844r1_rule

Vulnerability ID: V-35557

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.