Posts Tagged dot-gov
The US National Institute of Standards and Technology (NIST) announced the release of the fourth revision of Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations last week. NIST SP 800-53r4 (3.3MB PDF) is the latest revision of the FISMA controls that apply to all Federal information systems. This revision includes changes to the two DNSSEC-related security controls (SC-20 and SC-21).
SC-20 takes the previous Enhancement on provisioning of DS RRs in the parent zone and makes it part of the base control.
SC-21 is changed to require “[t]he information system requests and performs data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.” This means that all Federal systems must either request and validate DNSSEC responses, or have a trusted link to a validator that can provide that service for the system. Control SC-21 is also changed to be required for all security levels (Low, Moderate and High).
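One way a system can use the second option, a trusted link to a validator, shown as an added example that is not from NIST or the original post: the stub sets the DO and AD bits in its query and treats an answer as authenticated only when the validator returns the AD flag. The query name, transaction ID and header-only sample responses are constructed, and the AD flag means something only when the path to the validator is itself trusted.

```python
import struct

RD_BIT = 0x0100   # recursion desired
AD_BIT = 0x0020   # "Authentic Data" header flag (RFC 4035)
DO_BIT = 0x8000   # EDNS0 "DNSSEC OK" flag (RFC 3225)
TXID = 0x1234     # constructed transaction ID; use a random one in practice

def build_query(name, qtype=1, txid=TXID):
    """Build a DNS query that asks the validator for DNSSEC processing."""
    # Header: ID, flags (RD + AD), 1 question, 0 answers, 0 authority, 1 additional
    header = struct.pack("!HHHHHH", txid, RD_BIT | AD_BIT, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)   # class IN
    # OPT pseudo-RR: root name, type 41, UDP size 1232,
    # extended RCODE 0, version 0, DO flag set, empty RDATA
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, DO_BIT, 0)
    return header + question + opt

def check_response(msg, txid=TXID):
    """Classify a response from the trusted validator by its header flags."""
    if len(msg) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", msg[:4])
    if rid != txid or not flags & 0x8000:   # wrong ID, or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 2:
        return "servfail"    # validators answer SERVFAIL when validation fails
    if rcode not in (0, 3):  # anything other than NOERROR / NXDOMAIN
        return "error"
    # AD set: the validator authenticated the data. AD clear: unsigned zone,
    # or a resolver that does not validate; do not treat as authenticated.
    return "validated" if flags & AD_BIT else "insecure"

# Constructed header-only responses (QR+RD+RA, with and without AD, and SERVFAIL)
SAMPLE_VALIDATED = struct.pack("!HHHHHH", TXID, 0x81A0, 0, 0, 0, 0)
SAMPLE_INSECURE = struct.pack("!HHHHHH", TXID, 0x8180, 0, 0, 0, 0)
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", TXID, 0x8182, 0, 0, 0, 0)

if __name__ == "__main__":
    print(build_query("agency.example").hex())
    for sample in (SAMPLE_VALIDATED, SAMPLE_INSECURE, SAMPLE_SERVFAIL):
        print(check_response(sample))
```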
As with previous revisions of NIST SP 800-53, the final set of controls is official twelve months from the final publication date (estimated to be July 2012). The public comment period for this draft ends on April 6th. Comments should be sent to the FISMA project team at firstname.lastname@example.org.
The DNSSEC Deployment Initiative in conjunction with FOSE will be putting on the workshop, Making DNSSEC the Trust Infrastructure: Where Domain Name Security is Headed, at FOSE 2012 (Washington, DC, April 3-5, 2012).
Registration is now open. The $45 FREE (registration required), 10:00 AM – 4:00 PM workshop on April 3rd, which is aimed at DNSSEC in the US Federal Government, includes these objectives:
- Understand where U.S. Federal DNSSEC deployments stand, and the impact of reductions in Federal data centers and domain names on .gov deployment;
- Learn about new DNSSEC-aware apps that can help speed or ease deployment; and
- Learn where DNSSEC will lead Federal and worldwide Internet security next, in the face of large-scale domain-name attacks and other challenges.
FOSE, the federal information technology conference and expo, offers free registration to federal employees and military personnel. Don’t fit into those categories? The DNSSEC Deployment Coordination Initiative can offer you free registration at this special link.
You can see the full program for the March 24 daylong session “What’s Next in DNSSEC,” sponsored by the Initiative, here. Featured will be updates on U.S. federal government DNSSEC deployment and next steps; state, municipal and public-private network deployment; perspectives on DNSSEC in the commercial, educational and nonprofit sector domains; and lessons learned from deployment across the federal system. The program is free but requires pre-registration.
As DNSSEC deployment rolls out in government domains in the U.S. and elsewhere, we’re seeing more lists that visually display the status of deployment within a top-level domain. Here are some recent examples:
- From the U.S. .GOV TLD: Using a list of domain names taken from the web sites catalogued in the USA.gov website, Initiative partner Scott Rose of the U.S. National Institute of Standards and Technology wrote a script that queried which had a secure link from .GOV. The results, shown here, note that the “U.S. Federal Government maintains some domain names outside of the .gov gTLD. Likewise, there are state, local, and sovereign nation delegations found in .gov that are not required to deploy DNSSEC, but may deploy voluntarily.” Signed U.S. state domains include Vermont’s vermont.gov, vermonttreasurer.gov, and healthvermont.gov, the state’s health department; Idaho’s idaho.gov and idahobyways.gov from the state’s transportation department; Louisiana’s lacoast.gov, from the Louisiana Coastal Wetlands Conservation and Restoration Task Force; the Tennessee Valley Authority’s tva.gov; Utah Fire Info, a federal-state partnership; and Virginia.gov.
- From Sweden: Two separate pages display DNSSEC deployment progress among municipal domains and in public sector agencies there, with hundreds of sites listed.