| STIG ID | Version | Title | Product |
|---|---|---|---|
| SRG-APP-000176-DNS-000017 | V4R2 | The DNS server implementation, when using PKI-based authentication, must enforce authorized access to the corresponding private key. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000176-DNS-000018 | V4R2 | The key file must be owned by the account under which the name server software is run. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000176-DNS-000019 | V4R2 | Read/Write access to the key file must be restricted to the account that runs the name server software only. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000176-DNS-000094 | V4R2 | Only the private key corresponding to the ZSK alone must be kept on the name server that does support dynamic updates. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000176-DNS-000096 | V4R2 | Signature generation using the KSK must be done off-line, using the KSK-private stored off-line. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000176-MFP-000243 | V3R4 | The Mainframe Product, when using PKI-based authentication, must enforce authorized access to the corresponding private key. | Security Requirements Guide - Mainframe Product |
| SRG-APP-000176-WSR-000096 | V4R4 | Only authenticated system administrators or the designated PKI Sponsor for the web server must have access to the web servers private key. | Security Requirements Guide - Web Server |