💼 SC-20 Secure Name/Address Resolution Service (Authoritative Source) (L)(M)(H)
- Contextual name: 💼 SC-20 Secure Name/Address Resolution Service (Authoritative Source) (L)(M)(H)
- ID:
/frameworks/fedramp-low-security-controls/sc/20
- Located in: 💼 System and Communications Protection
Description
a. Provide additional data origin authentication and integrity verification artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries; and
b. Provide the means to indicate the security status of child zones and (if the child supports secure resolution services) to enable verification of a chain of trust among parent and child domains, when operating as part of a distributed, hierarchical namespace.
SC-20 Additional FedRAMP Requirements and Guidance:
Guidance: SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary.
Guidance: External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged.
Guidance: CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs.
Requirement: Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests.
Similar
- Sections
/frameworks/nist-sp-800-53-r5/sc/20
/frameworks/fedramp-high-security-controls/sc/20
- Internal
- ID:
dec-c-84e23f8f
- ID:
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 FedRAMP High Security Controls → 💼 SC-20 Secure Name/Address Resolution Service (Authoritative Source) (L)(M)(H) | ||||
💼 NIST SP 800-53 Revision 5 → 💼 SC-20 Secure Name/address Resolution Service (authoritative Source) | 2 |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|