If you work for a federal agency, you are probably aware of the OMB mandate that requires you to deploy DNSSEC on your external DNS by December 2009. Think you are out of the DNSSEC woods at that point? Think again.
According to a presentation at the recent GovSec conference by Doug Montgomery, Manager, Internet Technologies Research Group at NIST, agencies should also be planning how they are going to sign their internal DNS. Why? Because revision 3 of NIST SP 800-53 says they must.
This new revision of the NIST document prescribes DNSSEC deployment for all federal IT systems (low, medium and high impact), which, of course, includes internal DNS systems. Once the initial draft of this document is finalized, which is expected to happen in May 2009, agencies will have one year to comply.
During the same DNSSEC session at GovSec, Susan Lightman, of the Office of Management and Budget, also indicated that OMB would begin conducting spot checks of agencies’ DNSSEC deployment progress beginning in May or June of this year.
Source: Notify: The Latest in DNS News - April 2009, Secure64, Retrieved on 04/02/09 from secure64.com/page.asp?id=209
DNSSEC NEWSFLASH
Thursday, April 2, 2009
FISMA Requires DNSSEC on Internal Networks
NIST SP 800-53 Rev3 DNS RELATED CONTROLS
Revision 3 contains 4 Technical “System and Communications Protection” controls affecting transmission integrity, secure name/address resolution service including authoritative and recursive (caching) resolvers and the architecture and provisioning of DNS. The DNS related controls require DNS to be fault tolerant and implement internal/external role separation, usage of transmission cryptography mechanisms to maintain data integrity, establishment of chain of trust for domains and authentication and verification of data origin.
The DNSSEC related controls for Special Publication 800-53, Revision 3 include:
SC-8 TRANSMISSION INTEGRITY
SC-20 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)
SC-21 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)
SC-22 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE