← Back to Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide

V-259412

CAT II (Medium)

In the event of a system failure, the Windows DNS Server must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.

Rule ID

SV-259412r961125_rule

STIG

Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-001665

Discussion

Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving application state information helps to facilitate application restart and return to the operational mode of the organization with less disruption to mission-essential processes.

Check Content

Use the AuditPol tool to review the current Audit Policy configuration:

Open a Command Prompt with elevated privileges ("Run as Administrator").

Enter "AuditPol /get /category:*".

Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding.

Object Access >> File System - Failure

Fix Text

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> Audit File System with "Failure" selected.