Back

Employ Dynamic Host Configuration Protocol server logging to detect systems not in the asset inventory.


CONTROL ID
12110
CONTROL TYPE
Technical Security
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an asset inventory., CC ID: 06631

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • If the organization is dynamically assigning addresses using DHCP, then deploy dynamic host configuration protocol (DHCP) server logging, and use this information to improve the asset inventory and help detect unknown systems. (Control 1.2, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • DoD .mil DNS servers on NIPRNet (and .smil.mil DNS servers on SIPRNet) are authoritative for DoD IP addresses provided through the DoD NIC and subtended Component NICs. This means that the DoD .mil DNS servers resolve .mil URLs to their destination IP address. DoD .mil DNS servers on NIPRNet must al… (Section 5.10.4.2 ¶ 1, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)