Meet the OMB Mandate & FISMA Requirements
OMB mandate M-08-23 requires every U.S. federal government IT organization to deploy DNSSEC on the external network and current FISMA requirements extend its use to the internal network. While the scale and impact of DNSSEC deployment varies depending on your organization’s infrastructure, the complexity, cost, and risk associated with meeting this national security-driven mandate is on everyone’s mind.
If you’re planning to deploy DNSSEC, your checklist should include:
- Reducing DNSSEC deployment and ongoing administration costs
- Eliminating the risk of catastrophic failure due to human error
- Minimizing the impact on existing DNS infrastructure
- Completing the deployment in weeks rather than months
- Meeting the NIST SP 800-81 recommended guidelines for a secure DNS.
 |
 FIPS 140-2 Inside
|
 |
DNSSEC Made Simple & Secure
Manual DNSSEC implementation
is complex, time consuming, and error-prone. Sometimes it requires
programming and system integration skills that may not reside within
your IT organization. Secure64 DNS Signer was developed using a grant
from the Department of Homeland Security. It fully automates DNSSEC
quickly, correctly and securely. Simply plug Signer into your existing
infrastructure, add a single statement to the configuration file, and
your zones are signed.
Signer supports multiple deployment
architectures. It is fully compatible with Secure64 DNS Authority, BIND,
NSD, and Microsoft Windows DNS masters and slaves. And no matter how
big or how dynamic your DNS environment, Signer can handle the load.
Signer
is ready for deployment in government infrastructures. It’s the only
FIPS 140-2 level 2 compliant product that’s also IPv6 certified. What’s
more, the product received the Best in FOSE award in 2009.
DNS Signer
is a product you can trust to protect citizens against cache poisoning
attacks. Perhaps that’s why we have the largest federal government
installed base, including the Departments of Commerce, Interior and
Labor.
Make Yourself an Authority
Secure64 also offers a DNS Authority software appliance to provide easy compliance with NIST SP 800-81 guidelines for a secure authoritative name server. Authority reduces the amount of time required to properly secure the server by eliminating operating system hardening and emergency vulnerability patching while simplifying configuration.
Authority also adds a high degree of availability and resiliency to the DNS. It responds to legitimate queries even while under a high volume network attack. And like Secure64 DNS Signer, Authority easily integrates into your existing infrastructure. Authority can directly read existing BIND configuration files and is interoperable with name servers running BIND, NSD or Microsoft Windows DNS software.
|
|
|
|
|
TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments