V-259410
CAT IIA unique Transaction Signature (TSIG) key must be generated for each pair of communicating hosts.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 0
- Closed
- 0
Check Text
This check is not applicable for Windows DNS Servers that only host Active Directory-integrated zones or for Windows DNS servers on a classified network.
Review the DNS implementation. Verify that each pair of communicating hosts has a unique TSIG key (i.e., a separate key for each secondary name server to authenticate transactions with the primary name server, etc.).
If a unique TSIG key has not been generated for each pair of communicating hosts, this is a finding.
If using DNSSEC, this requirement is not applicable.
Fix Text
Regenerate a unique TSIG key for each pair of communicating hosts within the DNS architecture.
STIG Reference
- STIG
- Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
- Version
- 2
- Release
- 4
- Rule ID
- SV-259410r1156963_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServerDNS_V2R3_20251023-172313.ckl | Unassigned | 2026-01-14T12:57:38.179760 | View in Context |