If you work for a federal agency, you are probably aware of the OMB mandate that requires you to deploy DNSSEC on your external DNS by December 2009. Think you are out of the DNSSEC woods at that point? Think again.
According to a presentation at the recent GovSec conference by Doug Montgomery, Manager Internet Technologies Research Group at NIST, agencies should also be planning how they are going to sign their internal DNS. Why? Because revision 3 of NIST SP 800-53 says they must.
This new revision of the NIST document prescribes DNSSEC deployment for all federal IT systems (low, medium and high impact), which, of course, includes internal DNS systems. Once the initial draft of this document is finalized, which is expected to happen in May 2009, agencies will have one year to comply.
If you are getting the feeling that these folks are serious about DNSSEC, you are right. During the same DNSSEC session at GovSec, Susan Lightman, of the Office of Management and Budget, also indicated that OMB would begin conducting spot checks of agency’s DNSSEC deployment progress beginning in May or June of this year.
If you need help getting up to speed quickly on DNSSEC, sign up to receive our free DNSSEC Survival Kit, available here.
Are you looking for commercial products to help you meet the OMB DNSSEC mandate but don’t know how to distinguish between them? NIST has come to your rescue. Here is the list of 12 questions that NIST recommends that you ask of any DNSSEC vendor:
Secure64 DNS Signer won Government Computer News’ Best of FOSE Award for 2009 security software category. FOSE is the largest annual conference and expo in the Unites States focused on information technology for the federal government. The award recognizes “outstanding and innovative information technology products for government” according to Government Computer News magazine. The award was given to Secure64’s high performing and secure DNSSEC signing application, Secure64 DNS Signer.
Secure64 DNS Signer fully automates Domain Name System Security Extensions (DNSSEC) key generation, key rollover, zone signing and re-signing processes. It reduces deployment and administration costs while eliminating errors that can cause domains to become unavailable. The software also scales to extremely large, dynamic environments by safely keeping DNSSEC signing keys online while providing incremental zone signing and extremely high signing performance.
You can find the full press release here.
Secure64 announced that Qwest Communications has purchased and is deploying its DNS Authority and DNS Signer products in order to increase the secure of Qwest’s Internet infrastructure. According to Melodi Gates, chief information security official at Qwest, “Qwest is implementing Secure64 software because the technology is inherently secure – the security features in the operating system are baked in, not bolted on.”
The full press release can be found here.
Have comments or questions about the content you've read? Please feel free to contact me.
Adam Tice
adam.tice@secure64.com
303-436-2677