CCI-001179

Provides the means to indicate the security status of child zones, when operating as part of a distributed, hierarchical namespace.

Implementation Guidance

Determine if: - the means to indicate the security status of child zones (and if the child supports secure resolution services) is provided when operating as part of a distributed, hierarchical namespace. - the means to enable verification of a chain of trust among parent and child domains when operating as part of a distributed, hierarchical namespace is provided.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing secure name/address resolution services (authoritative source); system design documentation; system configuration settings and associated documentation; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel with responsibilities for managing DNS]. Test: [SELECT FROM: Mechanisms supporting and/or implementing secure name/address resolution services].

The controls below (if any) were marked by NIST as being related to CCI-001179.