
III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516-DNS-000108

    Group
  • On the BIND 9.x server the IP address for hidden master authoritative name servers must not appear in the name servers set in the zone database.

    A hidden master authoritative server is an authoritative DNS server whose IP address does not appear in the name server set for a zone. All of the name servers that do appear in the zone database a...
    Rule Medium Severity
  • SRG-APP-000516-DNS-000500

    Group
  • A BIND 9.x implementation operating in a split DNS configuration must be approved by the organization's Authorizing Official.

    BIND 9.x has implemented an option to use "view" statements to allow for split DNS architecture to be configured on a single name server. If the split DNS architecture is improperly configured th...
    Rule High Severity
  • SRG-APP-000516-DNS-000111

    Group
  • On the BIND 9.x server the private key corresponding to the ZSK, stored on name servers accepting dynamic updates, must be owned by root.

    The private ZSK key must be protected from unauthorized access. This strategy is not feasible in situations in which the DNSSEC-aware name server has to support dynamic updates. To support dynamic...
    Rule Medium Severity
  • SRG-APP-000516-DNS-000111

    Group
  • On the BIND 9.x server the private key corresponding to the ZSK, stored on name servers accepting dynamic updates, must be group owned by root.

    The private ZSK key must be protected from unauthorized access. This strategy is not feasible in situations in which the DNSSEC-aware name server has to support dynamic updates. To support dynamic...
    Rule Medium Severity
  • SRG-APP-000215-DNS-000003

    Group
  • A BIND 9.x server implementation must enforce approved authorizations for controlling the flow of information between authoritative name servers and specified secondary name servers based on DNSSEC policies.

    A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design. If information flow is not enforced based on approved authorizations, ...
    Rule Medium Severity
