Skip to content
Log In

III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000089-DNS-000005

    Group
    Show

  • The Windows 2012 DNS Server logging must be enabled to record events from all DNS server functions.

    DNS server performance can be affected when additional logging is enabled; however, the enhanced DNS logging and diagnostics feature in Windows Server 2012 R2 is designed to have a very low impact ...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DNS-000500

    Group
    Show

  • The Windows 2012 DNS Server logging criteria must only be configured by the ISSM or individuals appointed by the ISSM.

    Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. The actual...
    Rule Medium Severity
    Show

  • SRG-APP-000125-DNS-000012

    Group
    Show

  • The Windows 2012 DNS Servers audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.

    Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on a defin...
    Rule Medium Severity
    Show

  • SRG-APP-000214-DNS-000079

    Group
    Show

  • The validity period for the RRSIGs covering the DS RR for a zones delegated children must be no less than two days and no more than one week.

    The best way for a zone administrator to minimize the impact of a key compromise is by limiting the validity period of RRSIGs in the zone and in the parent zone. This strategy limits the time durin...
    Rule Medium Severity
    Show

  • SRG-APP-000218-DNS-000027

    Group
    Show

  • The Windows DNS name servers for a zone must be geographically dispersed.

    In addition to network-based separation, authoritative name servers should be dispersed geographically as well. In other words, in addition to being located on different network segments, the autho...
    Rule Medium Severity
    Show

  • SRG-APP-000383-DNS-000047

    Group
    Show

  • The Windows 2012 DNS Server must prohibit recursion on authoritative name servers for which forwarders have not been configured for external queries.

    A potential vulnerability of DNS is that an attacker can poison a name server's cache by sending queries that will cause the server to obtain host-to-IP address mappings from bogus name servers tha...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules