V-259393
CAT II
The Windows DNS Server must protect secret/private cryptographic keys while at rest.
- Ships Affected: 1
- Total Findings: 1
- Open: 0
- Closed: 0
Check Text
This check is not applicable for Windows DNS Servers that only host Active Directory-integrated zones or for Windows DNS servers on a classified network.
To verify the cryptographic keys are protected after being backed up to another medium (tape, disk, SAN, etc.), consult with the system administrator to determine the backup policy in place for the DNS server.
If a backup policy does not exist, or the backup policy does not specify that the backup medium must be protected at or above the same level as the server, this is a finding.
Fix Text
To ensure the cryptographic keys are protected after being backed up to tape or other medium, develop a backup policy that includes the protection of backup data at or above the same level as the DNS server.
STIG Reference
- STIG: Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
- Version: 2
- Release: 4
- Rule ID: SV-259393r1028387_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date |
|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServerDNS_V2R3_20251023-172313.ckl | | Unassigned | 2026-01-14T12:57:38.179760 |