I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
The two files generated by the BIND 9.x server dnssec-keygen program must be group owned by the server administrator account, or deleted, after they have been copied to the key file in the name server.
<VulnDiscussion>To enable zone transfer (requests and responses) through authenticated messages, it is necessary to generate a key for every ...Rule Medium Severity -
SRG-APP-000516-DNS-000086
<GroupDescription></GroupDescription>Group -
Permissions assigned to the dnssec-keygen keys used with the BIND 9.x implementation must enforce read-only access to the key owner and deny access to all other users.
<VulnDiscussion>To enable zone transfer (requests and responses) through authenticated messages, it is necessary to generate a key for every ...Rule Medium Severity -
SRG-APP-000176-DNS-000096
<GroupDescription></GroupDescription>Group -
The BIND 9.x server signature generation using the KSK must be done off-line, using the KSK-private key stored off-line.
<VulnDiscussion>The private key in the KSK key pair must be protected from unauthorized access. The private key should be stored off-line (wi...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.