Our friends over at the DNSSEC Deployment Initiative have noted today that the US National Institute of Standards and Technology (NIST) has announced proposed changes to the Federal Information Security Management Act (FISMA) controls that include among the many changes two relating to DNSSEC. The critical change is “SC-21” as explained by the DNSSEC Deployment Initiative folks:
SC-21 is changed to require “[t]he information system requests and performs data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.” This means that all Federal systems must either request and validate DNSSEC responses, or have a trusted link to a validator that can provide that service for the system. Control SC-21 is also changed to be required for all security levels (Low, Moderate and High).
Essentially this means that when this is fully implemented all US government systems should be consumers/users of DNSSEC, meaning that they will validate domains if they are signed with DNSSEC.
The article also notes that this new requirement will become official 12 months from the final publication of the NIST document, expected to be July 2012. The document released last week by NIST is a draft of “Special Publication 800-53 Revision 4” that is open for public comment through April 6, 2012.
It’s great to see this requirement being added to FISMA controls and as it rolls out it will definitely increase the usage and visibility of DNSSEC.
Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,…
Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map…
It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a…
About The Author
More Stories
Local Infrastructure, Lower Costs: How Peering Is Moving the Needle on Internet Affordability
On Global Accessibility Awareness Day, An Internet for Everyone Must Include Everyone
An Open Fiber Data Standard to Make the Internet for Everyone