The Department of Homeland Security (DHS) and the Information Technology Sector Coordinating Council (IT SCC) have released the IT Sector Risk Management (ITSRM) Strategy for Domain Name Resolution Services.
The risk management strategy is the result of a collaborative partnership between government and private-sector operators of Domain Name Services (DNS) and its supporting infrastructure.
“The DNS is a critical asset to Internet communications, and collaboration between government and private sector stakeholders is essential to protect it from threats,” said Bobbie Stempfley, Acting Assistant Secretary for Cyber Security and Communications. “Because the DNS serves the vital function of converting domain names into Internet Protocol (IP) addresses for every external-facing Web server, e-mail server, or other network device registered on the Internet, collaborative efforts to mitigate risks to the integrity of the system – like the Strategy released today – are imperative to the security of all online activities across the globe.”
The Strategy outlines response and mitigation methods for the three DNS risks of concern identified in the 2009 baseline IT Sector Risk Assessment, and are designed for organizations, government agencies, and companies that are involved in operating DNS services or that provide Internet security services.
To address concerns regarding mismanagement of data files or logs, improper disposal, or destruction of hard drives, the Strategy recommends:
- Promoting policies and best practices designed to limit information disclosure while restricting domain naming to known and trusted partners;
- Implementing DNS data and configuration practices; and
- Enhancing training and education initiatives that focus on data file misuse, both intentional and unintentional.