Invasive Testing SC_21_1_1

This NIST 800-53 report is posted on the Internet to promote Version 3.0 of LJK/Security . The corresponding vulnerability report for your own system should be guarded more carefully, such as by being reviewed only from local HTML disk files rather than via a web server.
Return to Main Page
Invasive Testing SC_21_1_1_16

FIPS 199 High Impact (for ICS)

Findings Color Code
Satisfied
Other Than Satisfied - not assessed
Other Than Satisfied - failed

NIST SP 800-53A SC-21(01) .01

Question: Did that review of source code for add-on automated mechanisms that implement the means to when providing name/address resolution for local clients perform data origin authentication and data integrity verification on the resolution responses it receives from authoritative sources when requested by client systems modules implemented in the C or C++ programming language show the implementation avoids all dependence on null-terminated strings and instead uses counted strings ?

Answered by: BOSTON::BUCHANAN

As part of Invasive Testing group: TEST_ADD_DNS

Answer: YES

This NIST 800-53 report is posted on the Internet to promote Version 3.0 of LJK/Security . The corresponding vulnerability report for your own system should be guarded more carefully, such as by being reviewed only from local HTML disk files rather than via a web server.