CCI-001663

Title

The information system, when operating as part of a distributed, hierarchical namespace, provides the means to enable verification of a chain of trust among parent and child domains (if the child supports secure resolution services).

Reference Item Details

Category: 2010

Audit Items

Name | Plugin | Audit Name
BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and it must perform integrity verification and data origin verification for all DNS information - dnssec-enable | Unix | DISA BIND 9.x STIG v2r2
BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and it must perform integrity verification and data origin verification for all DNS information - KSK | Unix | DISA BIND 9.x STIG v2r2
BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and it must perform integrity verification and data origin verification for all DNS information - zone | Unix | DISA BIND 9.x STIG v2r2
BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and it must perform integrity verification and data origin verification for all DNS information - ZSK | Unix | DISA BIND 9.x STIG v2r2
BIND-9X-001510 - A BIND 9.x server implementation must enforce approved authorizations for controlling the flow of information between authoritative name servers and specified secondary name servers based on DNSSEC policies - master | Unix | DISA BIND 9.x STIG v2r2
BIND-9X-001510 - A BIND 9.x server implementation must enforce approved authorizations for controlling the flow of information between authoritative name servers and specified secondary name servers based on DNSSEC policies - secondary | Unix | DISA BIND 9.x STIG v2r2
WDNS-SC-000009 - The Windows 2012 DNS Server must enforce approved authorizations between DNS servers through the use of digital signatures in the RRSet. | Windows | DISA Microsoft Windows 2012 Server DNS STIG v2r5
WDNS-SC-000010 - The Name Resolution Policy Table (NRPT) must be configured in Group Policy to enforce clients to request DNSSEC validation for a domain. | Windows | DISA Microsoft Windows 2012 Server DNS STIG v2r5
WDNS-SC-000011 - The Windows 2012 DNS Server must be configured to validate an authentication chain of parent and child domains via response data. | Windows | DISA Microsoft Windows 2012 Server DNS STIG v2r5
WDNS-SC-000012 - Trust anchors must be exported from authoritative Windows 2012 DNS Servers and distributed to validating Windows 2012 DNS Servers. | Windows | DISA Microsoft Windows 2012 Server DNS STIG v2r5
WDNS-SC-000013 - Automatic Update of Trust Anchors must be enabled on key rollover. | Windows | DISA Microsoft Windows 2012 Server DNS STIG v2r5