---
names: 
  full: "Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1"
  contextual: "Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1"
description: "DNSSEC algorithm numbers in this registry may be used in CERT RRs. Zone signing (DNSSEC) \
 and transaction security mechanisms (SIG(0) and TSIG) make use of particular subsets of these algorithms. \
 The algorithm used for key signing should be a recommended one and it should be strong."
type: COMPLIANCE_POLICY
categories:
  - "SECURITY"
frameworkMappings:
  - /frameworks/cis-gcp-v5.0.0/03/04
  - /frameworks/cloudaware/secret-and-certificate-governance/cryptographic-configuration
  - /frameworks/nist-sp-800-53-r5/ac/18
  - /frameworks/nist-sp-800-53-r5/cm/02
  - /frameworks/nist-sp-800-53-r5/cm/06
  - /frameworks/nist-sp-800-53-r5/cm/07
  - /frameworks/nist-sp-800-53-r5/cm/09
  - /frameworks/pci-dss-v4.0/01/01/01
  - /frameworks/pci-dss-v4.0/01/02/01
  - /frameworks/pci-dss-v4.0/01/02/06
  - /frameworks/pci-dss-v4.0/01/02/07
  - /frameworks/pci-dss-v4.0/01/04/02
  - /frameworks/pci-dss-v4.0/01/05/01
  - /frameworks/pci-dss-v4.0/02/01/01
  - /frameworks/pci-dss-v4.0/02/02/01
  - /frameworks/iso-iec-27001-2022/08/09
  - /frameworks/nist-csf-v1.1/pr-ip/01
  - /frameworks/soc-2/cc5/02/02
similarPolicies:
  cloudConformity:
    - url: "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudDNS/dns-sec-key-signing-algorithm-in-use.html"
      name: "Check for DNSSEC Key-Signing Algorithm in Use"