STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← SC-21 — Secure Name/Address Resolution Service (Recursive or Caching Resolver)

CCI-002468

Definition

Perform data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.

Parent Control

SC-21Secure Name/Address Resolution Service (Recursive or Caching Resolver)System and Communications Protection

Linked STIG Checks (9)

V-272417CAT IA BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and must perform integrity verification and data origin verification for all DNS information.BIND 9.x Security Technical Implementation GuideV-205212CAT IIA DNS server implementation must perform data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.Domain Name System (DNS) Security Requirements GuideV-265982CAT IIAn authoritative name server must be configured to enable DNSSEC Resource Records.F5 BIG-IP TMOS DNS Security Technical Implementation GuideV-214194CAT IIA DNS server implementation must perform data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.Infoblox 7.x DNS Security Technical Implementation GuideV-233913CAT IIThe Infoblox DNS service member must request data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.Infoblox 8.x DNS Security Technical Implementation GuideV-215625CAT IIThe Windows DNS secondary server must validate data origin verification authentication on the name/address resolution responses received from primary name servers.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation GuideV-259388CAT IIThe Windows DNS secondary server must validate data origin verification authentication on the name/address resolution responses received from primary name servers.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation GuideV-254869CAT IIThe Tanium operating system (TanOS) must perform data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.Tanium 7.x Operating System on TanOS Security Technical Implementation GuideV-207492CAT IIThe VMM must perform data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.Virtual Machine Manager Security Requirements Guide