STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SC-20 — Secure Name/Address Resolution Service (Authoritative Source)

CCI-001179

Definition

Provides the means to indicate the security status of child zones, when operating as part of a distributed, hierarchical namespace.

Parent Control

SC-20Secure Name/Address Resolution Service (Authoritative Source)System and Communications Protection

Linked STIG Checks (12)

V-272425CAT IIA BIND 9.x server must provide secure delegation to all child zones.BIND 9.x Security Technical Implementation Guide V-272426CAT IIThe BIND 9.x server validity period for the RRSIGs covering the DS RR for zones delegated children must be no less than two days and no more than one week.BIND 9.x Security Technical Implementation Guide V-205177CAT IIA DNS server implementation must provide the means to indicate the security status of child zones.Domain Name System (DNS) Security Requirements Guide V-205178CAT IIThe validity period for the RRSIGs covering the DS RR for a zones delegated children must be no less than two days and no more than one week.Domain Name System (DNS) Security Requirements Guide V-265989CAT IIThe validity period for the RRSIGs covering the DS RR for a zones delegated children must be no less than two days and no more than one week.F5 BIG-IP TMOS DNS Security Technical Implementation Guide V-214169CAT IIA DNS server implementation must provide the means to indicate the security status of child zones.Infoblox 7.x DNS Security Technical Implementation Guide V-214170CAT IIThe Key Signing Key (KSK) rollover interval must be configured to no less than one year.Infoblox 7.x DNS Security Technical Implementation Guide V-233909CAT IIThe Infoblox DNS service member implementation must provide the means to indicate the security status of child zones.Infoblox 8.x DNS Security Technical Implementation Guide V-233910CAT IIThe validity period for the Resource Record Signatures (RRSIGs) covering the Delegation Signer (DS) RR for a zone's delegated children must be no less than two days and no more than one week.Infoblox 8.x DNS Security Technical Implementation Guide V-215616CAT IIThe Windows 2012 DNS Server must be configured with the DS RR carrying the signature for the RR that contains the public key of the child zone.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide V-259339CAT IIThe validity period for the Resource Record Signatures (RRSIGs) covering the Delegation Signer (DS) Resource Record (RR) for a zone's delegated children must be no less than two days and no more than one week.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V-259379CAT IIThe Windows DNS Server must be configured with the Delegation Signer (DS) Resource Records (RR) carrying the signature for the RR that contains the public key of the child zone.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide