Details

Without a means for identifying the individual that produced the information, the information cannot be relied upon. Identifying the validity of information may be delayed or deterred.

This requirement ensures organizational personnel have a means to identify who produced or changed specific information in transfers, zone information, or DNS configuration changes.

Solution

Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account.

If not automatically started, initialize the ‘Server Manager’ window by clicking its icon from the bottom left corner of the screen.

On the opened ‘Server Manager’ window, from the left pane, click to select ‘DNS’.

From the right pane, under the ‘SERVERS’ section, right-click the DNS server.

From the displayed context menu, click the ‘DNS Manager’ option.

Click on the ‘Event Logging’ tab.

Select the ‘Errors and warnings’ or ‘All events’ option.

Click on ‘Apply’.

Click on ‘OK’.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_Server_DNS_V2R4_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability, Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|AU-10(1)(b)
• 800-53|CM-6b.
• CAT|II
• CCI|CCI-000366
• CCI|CCI-001902
• Rule-ID|SV-215648r561297_rule
• STIG-ID|WDNS-AU-000001
• STIG-Legacy|SV-72973
• STIG-Legacy|V-58543
• Vuln-ID|V-215648

Source

• Tenable.com/audits