NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-20(2) Data Origin and Integrity

Provide data origin and integrity protection artifacts for internal name/address resolution queries.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

None.

Practitioner Notes

Provide data origin and integrity protection for DNS data specifically — ensuring responses are authentic and complete.

Example 1: Enable DNSSEC validation on your recursive resolvers so they verify the cryptographic signatures on DNS responses before passing them to clients. Invalid signatures cause the query to fail rather than return potentially poisoned data.

Example 2: Monitor DNSSEC validation failures in your DNS server logs and forward them to your SIEM. A spike in validation failures could indicate a DNS poisoning attack or a misconfigured upstream zone.
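
The monitoring described in Example 2, as an added Python example that is not part of the original page: it counts DNSSEC validation failures per five-minute window and lists the names failing most often, which helps tell one broken zone from a broad failure pattern. The log line shape (an ISO timestamp followed by an Unbound-style `validation failure <name type class>: reason` message), the sample lines, and the window and threshold values are assumptions; adjust the pattern to what your resolver actually logs.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Assumed line shape: ISO timestamp, then "validation failure <qname qtype qclass>: reason".
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s.*validation failure <(?P<qname>\S+) \S+ \S+>: (?P<reason>.*)$"
)

# Constructed sample lines (documentation names and addresses).
SAMPLE_LOG = [
    "2024-05-01T10:00:05Z unbound[812:0] info: validation failure <www.example.com. A IN>: signature expired from 192.0.2.53",
    "2024-05-01T10:01:10Z unbound[812:0] info: resolving mail.example.org. MX IN",
    "2024-05-01T10:07:01Z unbound[812:0] info: validation failure <api.example.net. A IN>: no signatures from 192.0.2.53",
    "2024-05-01T10:07:30Z unbound[812:0] info: validation failure <api.example.net. AAAA IN>: no signatures from 192.0.2.53",
    "2024-05-01T10:08:12Z unbound[812:0] info: validation failure <www.example.com. A IN>: signature expired from 192.0.2.53",
    "2024-05-01T10:09:59Z unbound[812:0] info: validation failure <API.example.net. A IN>: no signatures from 192.0.2.53",
]

def parse_failures(lines):
    """Yield (timestamp, qname, reason) for each validation-failure line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated resolver message
        try:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        except ValueError:
            continue  # unparseable timestamp: skip rather than crash
        yield ts, m["qname"].rstrip(".").lower(), m["reason"]

def find_spikes(lines, window_s=300, threshold=3):
    """Return windows whose failure count reaches the threshold."""
    buckets = defaultdict(list)
    for ts, qname, _reason in parse_failures(lines):
        buckets[int(ts.timestamp()) // window_s * window_s].append(qname)
    spikes = []
    for start, names in sorted(buckets.items()):
        if len(names) >= threshold:
            spikes.append({
                "window_start": datetime.fromtimestamp(start, tz=timezone.utc).isoformat(),
                "failures": len(names),
                "top_names": Counter(names).most_common(3),
            })
    return spikes

if __name__ == "__main__":
    for spike in find_spikes(SAMPLE_LOG):
        print(spike)
```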