The DNS server implementation must provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store.

STIG ID: SRG-APP-000915-DNS-000310  |  SRG: SRG-APP-000915 |  Severity: medium (CAT II)  |  CCI: CCI-004910 |  Vulnerability Id: V-263644

Vulnerability Discussion

A Trusted Platform Module (TPM) is an example of a hardware-protected data store that can be used to protect cryptographic keys.

Check

Verify the DNS server implementation is configured to provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store.

If the DNS server implementation is not configured to provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store, this is a finding.

Fix

Configure the DNS server implementation to provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.