SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver)
Description
This Control addresses how information resource owners and custodians request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.
Applicability
- The Chief Information Security Officer (CISO), or designee, is responsible for implementing this Control.
Implementation
1 - The CISO, or designee, shall ensure:
- 1.1 - Procedures are in place for analyzing the authenticity and data integrity of the name/address resolution responses to prevent potential breaks in the chain of trust in the DNS infrastructure.
- 1.2 - The information resource that provides name/address resolution service for local clients performs data origin authentication and data integrity verification on the resolution responses it receives from authoritative sources when requested by client systems.