Minds!+!Machines! DNSSEC!Practice!Statement!!
Total Page:16
File Type:pdf, Size:1020Kb
! ! ! ! ! ! ! ! Minds!+!Machines! DNSSEC!Practice!Statement!! ! Version(1.1! !! October(5,(2013!! !!! !!! !!! !! !! !! !! !! !! !! !!! !!! Abstract!!! !!! This!document!is!the!DNSSEC!Practice!Statement,!it!states!the!practices!and!provisions!that!are!employed!in! providing!Zone!Signing!and!Zone!distribution!services!that!include,!but!are!not!limited!to,!issuing,!managing,! changing,!and!distributing!DNS!keys.!Minds!+!Machines!is!the!delegated!registry!operator!for!the!zone!under! contract!with!the!Internet!Corporation!for!Assigned!Names!and!Numbers.!!! !!! Copyright!Notice!!! !!! Copyright!(c)!2013!Minds!+!Machines.!All!rights!reserved.!!! ! ! !!! !(!! Minds!+!Machines!! 32!Nassau!St.! Dublin!2! Ireland! ! www.mindsandmachines.com!!! ! Table(of(Contents! 1.# INTRODUCTION#.....................................................................................................................................#6# 1.1.# Overview#........................................................................................................................................#6# 1.2.# Document#Name#and#Identification#...............................................................................................#7# 1.3.# Community#and#Applicability#.........................................................................................................#7# 1.3.1.# Zone#Manager#.........................................................................................................................#7# 1.3.2.# Zone#Administrator#.................................................................................................................#7# 1.3.3.# Zone#Maintainer#......................................................................................................................#7# 1.3.4.# Server#Operators#.....................................................................................................................#7# 1.3.5.# Zone#Key#Signing#Key#Operator#...............................................................................................#7# 1.3.6.# Zone#Signing#Key#Operator#......................................................................................................#7# 1.3.7.# Child#zone#manager#.................................................................................................................#8# 1.4.# Specification#Administration#..........................................................................................................#8# 1.4.1.# Specification#administration#organization#..............................................................................#8# 1.4.2.# Contact#Information#................................................................................................................#8# 1.4.3.# Specification#change#procedures#............................................................................................#8# 2.# PUBLICATION#AND#REPOSITORIES#........................................................................................................#9# 2.1.# Repositories#...................................................................................................................................#9# 2.2.# Publication#of#key#signing#keys#.......................................................................................................#9# 2.3.# Access#controls#on#repositories#......................................................................................................#9# 3.# OPERATIONAL#REQUIREMENTS#............................................................................................................#9# 3.1.# Meaning#of#domain#names#............................................................................................................#9# 3.2.# Activation#of#DNSSEC#for#child#zone#...............................................................................................#9# 3.3.# Identification#and#authentication#of#child#zone#manager#............................................................#10# 3.4.# Registration#of#delegation#signer#(DS)#records#.............................................................................#10# 3.5.# Removal#of#DS#record#...................................................................................................................#10# 3.5.1.# Who#can#request#removal#.....................................................................................................#10# 4.# FACILITY,#MANAGEMENT#AND#OPERATIONAL#CONTROLS#.................................................................#10# 4.1.# Physical#Controls#..........................................................................................................................#10# 4.1.1.# Site#location#and#construction#..............................................................................................#10# 4.1.2.# Physical#access#......................................................................................................................#10# 4.1.3.# Power#and#air#conditioning#...................................................................................................#11# 4.1.4.# Water#exposures#...................................................................................................................#11# 4.1.5.# Fire#prevention#and#protection#.............................................................................................#11# 4.1.6.# Media#storage#.......................................................................................................................#11# 4.1.7.# Waste#disposal#......................................................................................................................#11# 4.1.8.# Off_site#backup#......................................................................................................................#11# 4.2.# Procedural#Controls#.....................................................................................................................#11# 4.2.1.# Trusted#roles#.........................................................................................................................#11# 4.2.2.# Number#of#persons#required#per#task#...................................................................................#12# 4.2.3.# Identification#and#authentication#for#each#role#....................................................................#12# 4.2.4.# Tasks#requiring#separation#of#duties#.....................................................................................#12# 4.3.# Personnel#Controls#.......................................................................................................................#12# 4.3.1.# Qualifications,#experience,#and#clearance#requirements#......................................................#12# 4.3.2.# Background#check#procedures#..............................................................................................#13# 4.3.3.# Training#requirements#...........................................................................................................#13# 4.3.4.# Retraining#frequency#and#requirements#...............................................................................#13# 4.3.5.# Job#rotation#frequency#and#sequence#...................................................................................#14# 4.3.6.# Sanctions#for#unauthorized#actions#.......................................................................................#14# 4.3.7.# Contracting#personnel#requirements#....................................................................................#14# 4.3.8.# Documentation#supplied#to#personnel#.................................................................................#14# 4.4.# Audit#Logging#Procedures#............................................................................................................#14# 4.4.1.# Types#of#events#recorded#......................................................................................................#14# 4.4.2.# Frequency#of#processing#log###................................................................................................#15# 4.4.3.# Retention#period#for#audit#log#...............................................................................................#15# 4.4.4.# Protection#of#audit#log#..........................................................................................................#15# 4.4.5.# Audit#log#backup#procedures#................................................................................................#15# 4.4.6.# Audit#collection#system#.........................................................................................................#15# 4.4.7.# Notification#to#event_causing#subject#...................................................................................#15# 4.4.8.# Vulnerability#assessments#.....................................................................................................#16# 4.5.# Compromise#and#Disaster#Recovery#............................................................................................#16# 4.5.1.# Incident#and#compromise#handling#procedures#...................................................................#16# 4.5.2.# Corrupted#computing#resources,#software,#and/or#data#......................................................#16# 4.5.3.# Entity#private#key#compromise#procedures#..........................................................................#16# 4.5.4.# Business#Continuity#and#IT#Disaster#Recovery#Capabilities#...................................................#16#