Skip to content

I - Mission Critical Classified

Rules and Groups employed by this XCCDF Profile

  • On the BIND 9.x server the private key corresponding to the ZSK, stored on name servers accepting dynamic updates, must be owned by root.

    <VulnDiscussion>The private ZSK key must be protected from unauthorized access. This strategy is not feasible in situations in which the DNS...
    Rule Medium Severity
  • SRG-APP-000516-DNS-000111

    <GroupDescription></GroupDescription>
    Group
  • On the BIND 9.x server the private key corresponding to the ZSK, stored on name servers accepting dynamic updates, must be group owned by root.

    &lt;VulnDiscussion&gt;The private ZSK key must be protected from unauthorized access. This strategy is not feasible in situations in which the DNS...
    Rule Medium Severity
  • SRG-APP-000215-DNS-000003

    <GroupDescription></GroupDescription>
    Group
  • A BIND 9.x server implementation must enforce approved authorizations for controlling the flow of information between authoritative name servers and specified secondary name servers based on DNSSEC policies.

    &lt;VulnDiscussion&gt;A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules