WDNS-AU-000001 - The Windows 2012 DNS Server must be configured to record, and make available to authorized personnel, who added/modified/deleted DNS zone information.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Without a means for identifying the individual that produced the information, the information cannot be relied upon. Identifying the validity of information may be delayed or deterred.

This requirement ensures organizational personnel have a means to identify who produced or changed specific information in transfers, zone information, or DNS configuration changes.

Solution

Log on to the DNS server using the Domain Admin or Enterprise Admin account.

If not automatically started, initialize the 'Server Manager' window by clicking its icon from the bottom left corner of the screen.

On the opened 'Server Manager' window, from the left pane, click to select 'DNS'.

From the right pane, under the 'SERVERS' section, right-click the DNS server.

From the displayed context menu, click the 'DNS Manager' option.

Click on the 'Event Logging' tab.

Select the 'Errors and warnings' or 'All events' option.

Click on 'Apply'.

Click on 'OK'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_Server_DNS_V1R14_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12, CAT|II, CCI|CCI-000366, CCI|CCI-001902, Rule-ID|SV-72973r3_rule, STIG-ID|WDNS-AU-000001, Vuln-ID|V-58543

Plugin: Windows

Control ID: b4fea269f0317956b99091fef216f0262bc8cc2e18e56d8526210540ac126e49