SC-20—Secure Name / Address Resolution Service (Authoritative Source)
>Control Description
>Supplemental Guidance
This control enables external clients including, for example, remote Internet clients, to obtain origin authentication and integrity verification assurances for the host/service name to network address resolution information obtained through the service. Information systems that provide name and address resolution services include, for example, domain name system (DNS) servers. Additional artifacts include, for example, DNS Security (DNSSEC) digital signatures and cryptographic keys.
DNS resource records are examples of authoritative data. The means to indicate the security status of child zones includes, for example, the use of delegation signer resource records in the DNS. Information systems that use technologies other than the DNS to map between host/service names and network addresses provide other means to assure the authenticity and integrity of response data.
Related controls: AU-10, SC-8, SC-12, SC-13, SC-21, SC-22
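The delegation signer mechanism mentioned above can be illustrated with the following added example, which is not part of the control catalogue: it builds the DS record a parent zone publishes for a child's DNSKEY (RFC 4034, SHA-256 digest) and classifies a delegation from it. The zone name, key bytes, and function names are constructed assumptions, and only the DS-to-DNSKEY link is checked; RRSIG signature verification is out of scope.

```python
import hashlib
import struct

def wire_name(name: str) -> bytes:
    """Canonical (lower-case) DNS wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner: str, rdata: bytes):
    """DS fields: (key tag, algorithm, digest type 2 = SHA-256, digest)."""
    digest = hashlib.sha256(wire_name(owner) + rdata).digest()
    return (key_tag(rdata), rdata[3], 2, digest)

def delegation_status(owner, parent_ds_set, child_dnskeys):
    """'insecure' if the parent holds no DS, 'secure' if a DS matches a
    DNSKEY served by the child, 'bogus' if DS records exist but none match."""
    if not parent_ds_set:
        return "insecure"
    for rdata in child_dnskeys:
        if make_ds(owner, rdata) in parent_ds_set:
            return "secure"
    return "bogus"

# Constructed sample data: placeholder bytes stand in for real public keys.
CHILD = "child.example."
KSK = dnskey_rdata(257, 13, bytes(range(64)))   # key the parent has a DS for
ROGUE = dnskey_rdata(257, 13, bytes(64))        # key the parent never vouched for
PARENT_DS = [make_ds(CHILD, KSK)]

if __name__ == "__main__":
    print(delegation_status(CHILD, PARENT_DS, [KSK]))    # child serves the vouched key
    print(delegation_status(CHILD, PARENT_DS, [ROGUE]))  # child key does not match DS
    print(delegation_status(CHILD, [], [KSK]))           # unsigned delegation
```

A resolver that treats the third case as insecure must also have authenticated proof that no DS exists, which this sketch does not model.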
>Tailoring Guidance
This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case-by-case basis. This security control/enhancement cannot be met using readily available Commercial-Off-The-Shelf (COTS) components.
Consequently, implementation of this security control/enhancement may be somewhat problematic.