POAM-00207
V-259342: Forwarders on an authoritative Windows DNS Server, if enabled for external resolution, must forward
Forwarders on an authoritative Windows DNS Server, if enabled for external resolution, must forward only to an internal, non-Active Directory (AD)-integrated DNS server or to the DOD Enterprise Recurs...
Recommended NIST Controls
Based on keyword analysis of POA&M description
| Control | Title | Family | Action |
|---|---|---|---|
| No recommendations available (ingest NIST controls first) | | | |
Recommended STIG Rules
Based on keyword analysis of POA&M description
| Vuln ID | Title | Severity | Action |
|---|---|---|---|
| V-224826 | Windows Server 2016 must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. | CAT II | |
| V-224827 | Windows Server 2016 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use. | CAT II | |
| V-224829 | The Windows Server 2016 system must use an anti-virus program. | CAT I | |
| V-224830 | Servers must have a host-based intrusion detection or prevention system. | CAT II | |
| V-224836 | Non-administrative accounts or groups must only have print permissions on printer shares. | CAT III | |
| V-224838 | Windows Server 2016 accounts must require passwords. | CAT II | |
| V-224842 | Software certificate installation files must be removed from Windows Server 2016. | CAT II | |
| V-224845 | The roles and features required by the system must be documented. | CAT II | |
| V-224846 | A host-based firewall must be installed and enabled on the system. | CAT II | |
| V-224847 | Windows Server 2016 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP). | CAT II | |