STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SC-20 — Secure Name/Address Resolution Service (Authoritative Source)

CCI-001663

Definition

The information system, when operating as part of a distributed, hierarchical namespace, provides the means to enable verification of a chain of trust among parent and child domains (if the child supports secure resolution services).

Parent Control

SC-20Secure Name/Address Resolution Service (Authoritative Source)System and Communications Protection

Linked STIG Checks (19)

V-272417CAT IA BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and must perform integrity verification and data origin verification for all DNS information.BIND 9.x Security Technical Implementation Guide V-205179CAT IIThe DNS server implementation must enforce approved authorizations for controlling the flow of information between DNS servers and between DNS servers and DNS clients based on DNSSEC policies.Domain Name System (DNS) Security Requirements Guide V-205180CAT IIA DNS server implementation must provide the means to enable verification of a chain of trust among parent and child domains (if the child supports secure resolution services).Domain Name System (DNS) Security Requirements Guide V-279959CAT IIAn authoritative name server must be configured to enable DNSSEC Resource Records.Domain Name System (DNS) Security Requirements Guide V-265982CAT IIAn authoritative name server must be configured to enable DNSSEC Resource Records.F5 BIG-IP TMOS DNS Security Technical Implementation Guide V-214171CAT IIThe Infoblox system implementation must enforce approved authorizations for controlling the flow of information between DNS servers and between DNS servers and DNS clients based on DNSSEC policies.Infoblox 7.x DNS Security Technical Implementation Guide V-214172CAT IIA DNS server implementation must provide the means to enable verification of a chain of trust among parent and child domains (if the child supports secure resolution services).Infoblox 7.x DNS Security Technical Implementation Guide V-233911CAT IIThe Infoblox DNS service member implementation must enforce approved authorizations for controlling the flow of information between DNS service members and between DNS service members and DNS clients based on TSIG policies.Infoblox 8.x DNS Security Technical Implementation Guide V-233912CAT IIThe Infoblox DNS service member must enable verification of a chain of trust among parent and child domains (if the child supports secure resolution services).Infoblox 8.x DNS Security Technical Implementation Guide V-215617CAT IIThe Windows 2012 DNS Server must enforce approved authorizations between DNS servers through the use of digital signatures in the RRSet.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide V-215618CAT IIThe Name Resolution Policy Table (NRPT) must be configured in Group Policy to enforce clients to request DNSSEC validation for a domain.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide V-215619CAT IIThe Windows 2012 DNS Server must be configured to validate an authentication chain of parent and child domains via response data.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide V-215620CAT IITrust anchors must be exported from authoritative Windows 2012 DNS Servers and distributed to validating Windows 2012 DNS Servers.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide V-215621CAT IIAutomatic Update of Trust Anchors must be enabled on key rollover.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide V-259380CAT IIThe Windows DNS Server must enforce approved authorizations between DNS servers using digital signatures in the Resource Record Set (RRSet).Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V-259381CAT IIThe Name Resolution Policy Table (NRPT) must be configured in Group Policy to enforce clients to request DNSSEC validation for a domain.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V-259382CAT IIThe Windows DNS Server must be configured to validate an authentication chain of parent and child domains via response data.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V-259383CAT IITrust anchors must be exported from authoritative Windows DNS Servers and distributed to validating Windows DNS Servers.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V-259384CAT IIAutomatic Update of Trust Anchors must be enabled on key rollover.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide