Microsoft Windows 2012 Server DNS STIG Ver 2, Rel 7 Checklist Details (Checklist Revisions)
NOTE
This is not the current revision of this Checklist, view the current revision.
Supporting Resources:
-
Download Standalone XCCDF 1.1.4 - Microsoft Windows 2012 Server DNS STIG - Ver 1, Rel 10
- Defense Information Systems Agency
Target:
Target | CPE Name |
---|---|
Microsoft Windows Server 2012 R2 | cpe:/o:microsoft:windows_server_2012:r2 (View CVEs) |
Checklist Highlights
- Checklist Name:
- Microsoft Windows 2012 Server DNS STIG
- Checklist ID:
- 571
- Version:
- Ver 2, Rel 7
- Type:
- Compliance
- Review Status:
- Final
- Authority:
- Governmental Authority: Defense Information Systems Agency
- Original Publication Date:
- 04/28/2017
Checklist Summary:
This Microsoft Windows 2012 Server Domain Name System (DNS) STIG is published as a tool to secure Microsoft Windows 2012 DNS implementations. This STIG will be used for all Windows 2012/2012 R2 DNS servers, whether Active Directory-integrated, authoritative file-backed DNS zones, a hybrid of both, or as a recursive caching server. This STIG should also be used for Windows 2012 DNS servers being used as a secondary name server for zones whose master authoritative server is non-Windows. The direction is to ensure Windows 2012 DNS data’s authentication and integrity through the means of applying DNS Security Extensions (DNSSEC), specified by the Internet Engineering Task Force (IETF) Requests for Comment (RFC4641, RFC5011, RFC5155, RFC4033, RFC4034, RFC4035, and RFC3833) and as outlined in the NIST Special Publication (SP) 800-81, “Secure Domain Name System (DNS) Deployment Guide”. In addition, the NIST SP 800-81 rev 2, “Secure Domain Name System (DNS) Deployment Guide” has been a resource in the development of this Windows 2012 DNS STIG. As the DNS Server service in Windows Server 2012 has greatly enhanced support for DNSSEC, these STIG settings are required for all Windows 2012/2012 R2 DNS implementations.
Checklist Role:
- Domain Name Server
- DNS Server
- Desktop and Server Operating System
Known Issues:
Not Provided
Target Audience:
This checklist is primarily for IT generalists, security specialists, network architects, and other IT professionals and consultants who plan application or infrastructure development and deployments of Windows 8 and BitLocker for both desktop and laptop client computers in an enterprise environment.
Target Operational Environment:
- Managed
Testing Information:
Not Provided
Regulatory Compliance:
DoD Instruction (DoDI) 8500.01
Comments/Warnings/Miscellaneous:
Not Provided
Disclaimer:
Not Provided
Product Support:
Not Provided
Point of Contact:
disa.stig_spt@mail.mil
Sponsor:
Not Provided
Licensing:
Not Provided
Change History:
Version 1, Release 2 - 29 October 2015 Changed status from "Under Review" to "Final" - 04 December 2015 Version 1, Release 3 - 2 February 2016 3/11/2016 - Promote to Final updated to - v1, r4 - 07/22/2016 Updated to FINAL - 09/12/2016 Updated to Ver 1, Rel 5 - 01/27/2017 Updated to FINAL - 03/13/2017 Updated to Version 1, Release 6 - 04/28/2017 Updated to FINAL - 05/30/2017 null Updated URL to reflect change to the DISA website - http --> https Updated to Version 1, Release 8 - 02/16/2018 Updated to FINAL - 3/18/2018 updated to v1,r9 - 4/25/18 Updated to FINAL - 5/25/18 updated to Version 1, Release 10 - 7/24/18 Updated to FINAL - 8/24/18
Dependency/Requirements:
URL | Description |
---|---|
https://iasecontent.disa.mil/stigs/pdf/U_Microsoft_Windows_2012_Server_Domain_Name_System_STIG_V1_Release_Memo.pdf | Windows Server 2012 DNS STIG - Version 1 Release Memo |
References:
Reference URL | Description |
---|