STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← SC-20 — Secure Name/Address Resolution Service (Authoritative Source)

CCI-002462

Definition

Provide additional data integrity verification artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries.

Parent Control

SC-20Secure Name/Address Resolution Service (Authoritative Source)System and Communications Protection

Linked STIG Checks (9)

V-272417CAT IA BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and must perform integrity verification and data origin verification for all DNS information.BIND 9.x Security Technical Implementation GuideV-205208CAT IIA DNS server implementation must provide additional integrity artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries.Domain Name System (DNS) Security Requirements GuideV-265982CAT IIAn authoritative name server must be configured to enable DNSSEC Resource Records.F5 BIG-IP TMOS DNS Security Technical Implementation GuideV-214190CAT IIA DNS server implementation must provide additional integrity artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries.Infoblox 7.x DNS Security Technical Implementation GuideV-233908CAT IIThe Infoblox DNS service member must provide additional integrity artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries.Infoblox 8.x DNS Security Technical Implementation GuideV-215614CAT IIWINS lookups must be disabled on the Windows 2012 DNS Server.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation GuideV-215615CAT IIThe Windows 2012 DNS Server must use DNSSEC data within queries to confirm data integrity to DNS resolvers.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation GuideV-259377CAT IIWINS lookups must be disabled on the Windows DNS Server.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation GuideV-259378CAT IIThe Windows DNS Server must use DNSSEC data within queries to confirm data integrity to DNS resolvers.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide