Description

This Control addresses how information resource owners and custodians provide additional data origin and integrity artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries.

Applicability

  • The Chief Information Security Officer (CISO), or designee, is responsible for implementing this Control.

Implementation

  • 1

    The CISO, or designee, is responsible for ensuring procedures are in place that:

    • 1.1

      Provide additional data origin and integrity artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries; and

    • 1.2

      Provide the means to indicate the security status of child zones and (if the child supports secure resolution services) to enable verification of a chain of trust among parent and child domains, when operating as part of a distributed, hierarchical namespace.