SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)
Control: The information system that provides name/address resolution service for local clients performs data origin authentication and data integrity verification on the resolution responses it receives from authoritative sources when requested by client systems.
Supplemental Guidance: A resolving or caching domain name system (DNS) server is an example of an information system that provides name/address resolution service for local clients, and authoritative DNS servers are examples of authoritative sources. NIST Special Publication 800-81 provides guidance on secure domain name system deployment.
(1) The information system performs data origin authentication and data integrity verification on all resolution responses whether or not local clients explicitly request this service.
Enhancement Supplemental Guidance: Local clients include, for example, DNS stub resolvers.
Baseline: LOW: Not Selected; MOD: Not Selected; HIGH: SC-21
Family: System And Communications Protection
ISO 17799 mapping: None.
COBIT 4.1 mapping: None.
PCI-DSS v2 mapping: None.