SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)

System and Communications Protection

Low Moderate High

Description

The information system that provides name/address resolution service for local clients performs data origin authentication and data integrity verification on the resolution responses it receives from authoritative sources when requested by client systems.

Supplemental Guidance

A resolving or caching domain name system (DNS) server is an example of an information system that provides name/address resolution service for local clients and authoritative DNS servers are examples of authoritative sources. NIST Special Publication 800-81 provides guidance on secure domain name system deployment.

MITRE ATT&CK Techniques (7)

ATT&CK v16.1

Techniques mitigated by this control, mapped via CTID.

Command & Control 7

Command & Control

T1071 Application Layer Protocol T1568 Dynamic Resolution T1071.001 Web Protocols T1071.002 File Transfer Protocols T1071.003 Mail Protocols T1071.004 DNS T1568.002 Domain Generation Algorithms

Compliance Mappings

CIS Controls v8

CIS 4.9CIS 9.2

ANSSI

Hygiene.23SecNumCloud.14.1

FINMA Circular 2023/1

IV.A(28)IV.C(62)

OSFI B-13

B-13.3.2

EU GDPR

Art.32(1)(a)

EU DORA

Art.9(4)(a)

RBI CSF

Annex1.4

FISC Security Guidelines

FISC.T3

DNB Good Practice

DNB.18.4

SAMA CSF

3.3

NCA ECC

2-5

UAE IA

CBB TM

TM-8

Qatar NIA

CBUAE

CR-7

CBE CSF

CTO-6

SA JS2

JS2-7.2

CBN CSF

Part3.3

BoG CISD

CISD-VI

BoM CTRM

3.2

FFIEC IS

II.C.6

ECB CROE

CROE.2.3.5

SEBI CSCRF

PR.NS

BOT Cyber Resilience

Ch2.4

CMMC 2.0

Solvency II

EIOPA-ICT-4.6

Lloyd's Minimum Standards

MS8.9

HITRUST CSF v11

09.e

BSSC Standards

NOS-04

ISO 17799 (legacy)

None.

COBIT 4.1 (legacy)

None.