Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-001663
CCI
CCI|CCI-001663
Title
The information system, when operating as part of a distributed, hierarchical namespace, provides the means to enable verification of a chain of trust among parent and child domains (if the child supports secure resolution services).
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2010
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information - dnssec-enable
Unix
DISA BIND 9.x STIG v2r2
BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information - KSK
Unix
DISA BIND 9.x STIG v2r2
BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information - zone
Unix
DISA BIND 9.x STIG v2r2
BIND-9X-001200 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information - ZSK
Unix
DISA BIND 9.x STIG v2r2
BIND-9X-001510 - A BIND 9.x server implementation must enforce approved authorizations for controlling the flow of information between authoritative name servers and specified secondary name servers based on DNSSEC policies - master
Unix
DISA BIND 9.x STIG v2r2
BIND-9X-001510 - A BIND 9.x server implementation must enforce approved authorizations for controlling the flow of information between authoritative name servers and specified secondary name servers based on DNSSEC policies - secondary
Unix
DISA BIND 9.x STIG v2r2
WDNS-SC-000009 - The Windows 2012 DNS Server must enforce approved authorizations between DNS servers through the use of digital signatures in the RRSet.
Windows
DISA Microsoft Windows 2012 Server DNS STIG v2r5
WDNS-SC-000010 - The Name Resolution Policy Table (NRPT) must be configured in Group Policy to enforce clients to request DNSSEC validation for a domain.
Windows
DISA Microsoft Windows 2012 Server DNS STIG v2r5
WDNS-SC-000011 - The Windows 2012 DNS Server must be configured to validate an authentication chain of parent and child domains via response data.
Windows
DISA Microsoft Windows 2012 Server DNS STIG v2r5
WDNS-SC-000012 - Trust anchors must be exported from authoritative Windows 2012 DNS Servers and distributed to validating Windows 2012 DNS Servers.
Windows
DISA Microsoft Windows 2012 Server DNS STIG v2r5
WDNS-SC-000013 - Automatic Update of Trust Anchors must be enabled on key rollover.
Windows
DISA Microsoft Windows 2012 Server DNS STIG v2r5