NIST 800-53 Rev 5
424 controls available
Secure Name/Address Resolution Service (Authoritative Source)
System and Communications Protection
Control Statement
Provide additional data origin authentication and integrity verification artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries; and Provide the means to indicate the security status of child zones and (if the child supports secure resolution services) to enable verification of a chain of trust among parent and child domains, when operating as part of a distributed, hierarchical namespace.
Discussion
Providing authoritative source information enables external clients, including remote Internet clients, to obtain origin authentication and integrity verification assurances for the host/service name to network address resolution information obtained through the service. Systems that provide name and address resolution services include domain name system (DNS) servers. Additional artifacts include DNS Security Extensions (DNSSEC) digital signatures and cryptographic keys. Authoritative data includes DNS resource records. The means for indicating the security status of child zones include the use of delegation signer resource records in the DNS. Systems that use technologies other than the DNS to map between host and service names and network addresses provide other means to assure the authenticity and integrity of response data.
- Framework
- NIST SP 800-53 Rev 5
- Family
- System and Communications Protection
- Baselines
- low, moderate, high
Related Frameworks
4 paths across 1 framework
Related Frameworks
CCI4 mappings
- DISA · 2025-01-23 · disa_cci_list · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
Related STIGs
13 STIGs reach this control through 6 CCIs. Expand a row to see the responsible NICE and O*NET roles.