Meet the OMB Mandate & FISMA Requirements

OMB mandate M-08-23 requires every U.S. federal government IT organization to deploy DNSSEC on the external network and current FISMA requirements extend its use to the internal network. While the scale and impact of DNSSEC deployment varies depending on your organization’s infrastructure, the complexity, cost, and risk associated with meeting this national security-driven mandate is on everyone’s mind.

If you’re planning to deploy DNSSEC, your checklist should include:

  • Reducing DNSSEC deployment and ongoing administration costs
  • Eliminating the risk of catastrophic failure due to human error
  • Minimizing the impact on existing DNS infrastructure 
  • Completing the deployment in weeks rather than months
  • Meeting the NIST SP 800-81 recommended guidelines for a secure DNS.


          
FIPS 140-2 Inside
   
 

DNSSEC Made Simple & Secure


Manual DNSSEC implementation is complex, time consuming, and error-prone. Sometimes it requires programming and system integration skills that may not reside within your IT organization. Secure64 DNS Signer was developed using a grant from the Department of Homeland Security. It fully automates DNSSEC quickly, correctly and securely. Simply plug Signer into your existing infrastructure, add a single statement to the configuration file, and your zones are signed.

Signer supports multiple deployment architectures. It is fully compatible with Secure64 DNS Authority, BIND, NSD, and Microsoft Windows DNS masters and slaves. And no matter how big or how dynamic your DNS environment, Signer can handle the load.

Signer is ready for deployment in government infrastructures. It’s the only FIPS 140-2 level 2 compliant product that’s also IPv6 certified. What’s more, the product received the Best in FOSE award in 2009.
DNS Signer is a product you can trust to protect citizens against cache poisoning attacks. Perhaps that’s why we have the largest federal government installed base, including the Departments of Commerce, Interior and Labor.

Make Yourself an Authority


Secure64 also offers a DNS Authority software appliance to provide easy compliance with NIST SP 800-81 guidelines for a secure authoritative name server. Authority reduces the amount of time required to properly secure the server by eliminating operating system hardening and emergency vulnerability patching while simplifying configuration.

Authority also adds a high degree of availability and resiliency to the DNS. It responds to legitimate queries even while under a high volume network attack. And like Secure64 DNS Signer, Authority easily integrates into your existing infrastructure. Authority can directly read existing BIND configuration files and is interoperable with name servers running BIND, NSD or Microsoft Windows DNS software.

 

 

 

 

TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments