SC-20: Secure Name/address Resolution Service (authoritative Source)
From NIST's SP800-53:
a. Provide additional data origin authentication and integrity verification artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries; and b. Provide the means to indicate the security status of child zones and (if the child supports secure resolution services) to enable verification of a chain of trust among parent and child domains, when operating as part of a distributed, hierarchical namespace.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| PR.PT-4 | Communications and control networks are protected |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1566.002 | Spearphishing Link | Initial Access |
| T1598.002 | Spearphishing Attachment | Reconnaissance |
| T1568 | Dynamic Resolution | Command and Control |
| T1598.003 | Spearphishing Link | Reconnaissance |
| T1566 | Phishing | Initial Access |
| T1071.001 | Web Protocols | Command and Control |
| T1071.003 | Mail Protocols | Command and Control |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1071.002 | File Transfer Protocols | Command and Control |
| T1568.002 | Domain Generation Algorithms | Command and Control |
| T1071 | Application Layer Protocol | Command and Control |
| T1071.004 | DNS | Command and Control |
| T1598 | Phishing for Information | Reconnaissance |
| T1553.004 | Install Root Certificate | Defense Evasion |