Domain Name System (DNS) Security Requirements Guide

The DNS server implementation must disable accounts when the accounts are no longer associated with a user.

STIG ID: | SRG: SRG-APP-000705-DNS-000110 | Severity: Medium | CCI: | Vulnerability ID: V-263624

Description

Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality, which reduce the attack surface of the system.

Check

C-67524r982032_chk

Verify the DNS server implementation is configured to disable accounts when the accounts are no longer associated with a user. If the DNS server implementation is not configured to disable accounts when the accounts are no longer associated with a user, this is a finding.

Fix

F-67432r982033_fix

Configure the DNS server implementation to disable accounts when the accounts are no longer associated with a user.