| BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information - dnssec-enable | DISA BIND 9.x STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information - KSK | DISA BIND 9.x STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information - zone | DISA BIND 9.x STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information - ZSK | DISA BIND 9.x STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001510 - A BIND 9.x server implementation must enforce approved authorizations for controlling the flow of information between authoritative name servers and specified secondary name servers based on DNSSEC policies - master | DISA BIND 9.x STIG v2r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001510 - A BIND 9.x server implementation must enforce approved authorizations for controlling the flow of information between authoritative name servers and specified secondary name servers based on DNSSEC policies - secondary | DISA BIND 9.x STIG v2r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000009 - The Windows 2012 DNS Server must enforce approved authorizations between DNS servers through the use of digital signatures in the RRSet. | DISA Microsoft Windows 2012 Server DNS STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000010 - The Name Resolution Policy Table (NRPT) must be configured in Group Policy to enforce clients to request DNSSEC validation for a domain. | DISA Microsoft Windows 2012 Server DNS STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000011 - The Windows 2012 DNS Server must be configured to validate an authentication chain of parent and child domains via response data. | DISA Microsoft Windows 2012 Server DNS STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000012 - Trust anchors must be exported from authoritative Windows 2012 DNS Servers and distributed to validating Windows 2012 DNS Servers. | DISA Microsoft Windows 2012 Server DNS STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000013 - Automatic Update of Trust Anchors must be enabled on key rollover. | DISA Microsoft Windows 2012 Server DNS STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
