CCI-001294

The application must notify the ISSO and ISSM of failed security verification tests.

A BIND 9.x server implementation must be configured to allow DNS administrators to audit all DNS server components, based on selectable event criteria, and produce audit records within all DNS server components that contain information for failed security verification tests, information to establish the outcome and source of the events, any information necessary to determine cause of failure, and any information necessary to return to operations with least disruption to mission processes.

The DNS server implementation must be configured to generate audit records for failed security verification tests so that the ISSO and ISSM can be notified of the failures.

The Infoblox system must notify the ISSO and ISSM in the event of failed security verification tests.

The Mainframe product must notify the system programmer and security administrator of failed security verification tests.

The Windows 2012 DNS Server must be configured to notify the ISSO/ISSM/DNS administrator when functionality of DNSSEC/TSIG has been removed or broken.

The Tanium Operating System (TanOS) must notify the ISSO and ISSM of failed security verification tests.

The application must notify the Information System Security Manager (ISSM) and Information System Security Officer (ISSO) of failed security verification tests.

The Windows DNS Server must be configured to notify the information system security officer (ISSO), information system security manager (ISSM), or DNS administrator when functionality of DNSSEC/TSIG has been removed or broken.

Microsoft Intune service must be configured to transfer Intune logs to another server for storage, analysis, and reporting at least every seven days.