Skip to content
ATO Pathways
  Log In

CCI-001663

Provide the means to enable verification of a chain of trust among parent and child domains (if the child supports secure resolution services), when operating as part of a distributed, hierarchical namespace.

Logo
2

Rule

Severity: High
A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information.
Logo
2

Rule

Severity: Medium
A BIND 9.x server implementation must enforce approved authorizations for controlling the flow of information between authoritative name servers and specified secondary name servers based on DNSSEC policies.
Logo
2

Rule

Severity: Medium
The DNS server implementation must enforce approved authorizations for controlling the flow of information between DNS servers and between DNS servers and DNS clients based on DNSSEC policies.
Logo
3

Rule

Severity: Medium
A DNS server implementation must provide the means to enable verification of a chain of trust among parent and child domains (if the child supports secure resolution services).
Logo
1

Rule

Severity: Medium
The Infoblox DNS server implementation must enforce approved authorizations for controlling the flow of information between DNS servers and between DNS servers and DNS clients based on DNSSEC policies.
Logo
1

Rule

Severity: Medium
The Infoblox DNS server must enable verification of a chain of trust among parent and child domains (if the child supports secure resolution services).
Logo
1

Rule

Severity: Medium
The Infoblox system implementation must enforce approved authorizations for controlling the flow of information between DNS servers and between DNS servers and DNS clients based on DNSSEC policies.
Logo
1

Rule

Severity: Medium
The Windows 2012 DNS Server must enforce approved authorizations between DNS servers through the use of digital signatures in the RRSet.
Logo
3

Rule

Severity: Medium
The Name Resolution Policy Table (NRPT) must be configured in Group Policy to enforce clients to request DNSSEC validation for a domain.
Logo
1

Rule

Severity: Medium
The Windows 2012 DNS Server must be configured to validate an authentication chain of parent and child domains via response data.
Logo
1

Rule

Severity: Medium
Trust anchors must be exported from authoritative Windows 2012 DNS Servers and distributed to validating Windows 2012 DNS Servers.
Logo
3

Rule

Severity: Medium
Automatic Update of Trust Anchors must be enabled on key rollover.
Logo
2

Rule

Severity: Medium
The Windows DNS Server must enforce approved authorizations between DNS servers using digital signatures in the Resource Record Set (RRSet).
Logo
2

Rule

Severity: Medium
The Windows DNS Server must be configured to validate an authentication chain of parent and child domains via response data.
Logo
2

Rule

Severity: Medium
Trust anchors must be exported from authoritative Windows DNS Servers and distributed to validating Windows DNS Servers.
Logo
1

Rule

Severity: Medium
An authoritative name server must be configured to enable DNSSEC Resource Records.

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules