Free DISA STIG and SRG Library | Vaulted
  1. Security Guide Library
  2. DNS Policy Security Technical Implementation Guide
  3. V-13037

V-13037

A patch and DNS software upgrade log; to include the identity of the administrator, date and time each patch or upgrade was implemented, is not maintained.

Finding ID
DNS0130
Rule ID
SV-13605r1_rule
Severity
Cat III
CCE
(None)
Group Title
DNS patch/software log is not maintained.
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

DNS software has a history of vulnerabilities and new ones may be discovered at any time. To ensure that attackers cannot take advantage of known DNS vulnerabilities applicable software patches and patches must be applied. Patch and DNS software upgrade documentation must be maintained to ensure the DNS name servers are protected from these vulnerabilities and current with required patches and software upgrades.

Fix Text

The SA should establish and maintain a log of the date and time each patch and upgrade to DNS software was implemented.

Check Content

DNS patch and upgrade change records must include records of the date and time each patch or upgrade to DNS software was implemented, and by whom. The method of verification may be considered weak, but the requirement is merely to document the dates and times of DNS software patch and upgrades. Instruction: If there is no patch and upgrade log, then this is a finding. If there is such a log, then entries must include the date and time of any change as well as the identity of the administrator. Failure to include this information for any entry is a finding.

Responsibility

System Administrator

Vaulted is more than a library.

SIGN UP FOR FREE