[dns-operations] Question about DNSSEC and .gov domains

Scott Rose scott.rose at nist.gov
Thu Feb 2 16:57:40 UTC 2012


Hate to confuse you, but the answer is a firm "maybe".  It depends on what sort of information is stored and/or processed.  

The way FISMA has been described (to me) is that any system that "possesses or processes Federal Information" falls under FISMA and is subject to audits, monitoring, etc.  This would mean DNSSEC as well (as DNSSEC is addressed in 2 of the FISMA controls).  The question states (and contractors) need to answer is which systems would fall under this description and who do you check with?  The closest is OMB memo OMB-10-15:
http://www.whitehouse.gov/sites/default/files/omb/assets/memoranda_2010/m10-15.pdf

I've seen reports from the IRS that ask that state tax agencies should fall under this guideline, but no official statement (to my limited knowledge) has come out with a solid yes/no answer.

There is a NIST FISMA implementation project (http://csrc.nist.gov/groups/SMA/fisma/index.html) that might help.  I'm not a part of that group so I can't speak authoritatively.

Scott

On Feb 2, 2012, at 11:27 AM, Stephen Johnson wrote:

> The question isn't the first one that came to your mind. Our Chief
> Security Officer has been getting told that: 
> 
> "Federal officials have indicated that any .gov domains (like states)
> exchanging data with the feds will need to be DNSSEC compliant."
> 
> I'd like to think that I'm up to date with all of the latest US Federal
> Government Rules and Regulations in regards to the State's .gov domains
> about any data transfers processes. I have not heard even a hint that
> such a requirement is in the works. This is coming from a vendor which
> makes me very suspicious of the source. 
> 
> I'd like to give my CSO an unequivocal answer one way, or the other. So
> my question to the community is there any truth to this rumor? Is there
> some announcement or new regulation saying that DNSSEC is a requirement
> for data exchange with the US Federal Government that I've missed?
> -- 
> Stephen L Johnson  <stephen.johnson at arkansas.gov>
> Unix Systems Administrator / DNS Hostmaster
> Department of Information Systems
> State of Arkansas
> 501-682-4339

===================================
Scott Rose
NIST
scott.rose at nist.gov
+1 301-975-8439
Google Voice: +1 571-249-3671
http://www.dnsops.gov/
===================================



