Skip to content

Domain Name System (DNS) Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000440

    <GroupDescription></GroupDescription>
    Group
  • The DNS server implementation must implement cryptographic mechanisms to detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).

    &lt;VulnDiscussion&gt;Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mec...
    Rule Medium Severity
  • SRG-APP-000441

    <GroupDescription></GroupDescription>
    Group
  • The DNS server implementation must maintain the integrity of information during preparation for transmission.

    &lt;VulnDiscussion&gt;Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...
    Rule Medium Severity
  • SRG-APP-000442

    <GroupDescription></GroupDescription>
    Group
  • The DNS server implementation must maintain the integrity of information during reception.

    &lt;VulnDiscussion&gt;Information can be either unintentionally or maliciously disclosed or modified during reception, including, for example, duri...
    Rule Medium Severity
  • SRG-APP-000447

    <GroupDescription></GroupDescription>
    Group
  • The DNS server implementation must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

    &lt;VulnDiscussion&gt;A common vulnerability of applications is unpredictable behavior when invalid inputs are received. This requirement guards ag...
    Rule Medium Severity
  • SRG-APP-000451

    <GroupDescription></GroupDescription>
    Group
  • The DNS server implementation must follow procedures to re-role a secondary name server as the master name server should the master name server permanently lose functionality.

    &lt;VulnDiscussion&gt;Failing to an unsecure condition negatively impacts application security and can lead to system compromise. Failure condition...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules