Karen Evans sent out the new OMB Memo 08-23, which requires secure DNS (DNSSEC). Agencies need to submit a plan by September 5th describing how they will make the switchover by the end of 2009. Here are some snippets of what OMB is mandating (quoted from the memo):
The Federal Government will deploy DNSSEC to the top level .gov domain by January 2009. The top level .gov domain includes the registrar, registry, and DNS server operations. This policy requires that the top level .gov domain will be DNSSEC signed and processes to enable secure delegated sub-domains will be developed. Signing the top level .gov domain is a critical procedure necessary for broad deployment of DNSSEC, increases the utility of DNSSEC, and simplifies lower level deployment by agencies.
Your agency must now develop a plan of action and milestones for the deployment of DNSSEC to all applicable information systems. Appropriate DNSSEC capabilities must be deployed and operational by December 2009. The plan should follow recommendations in NIST Special Publication 800-81 “Secure Domain Name System (DNS) Deployment Guide,” and address the particular requirements described in NIST Special Publication 800-53r1 “Recommended Security Controls for Federal Information Systems.”
I do applaud the new requirement, but having less than 15 months to make all this happen seems a little aggressive; I hope we all can pull it off. By pushing secure DNS at the government side, the rest of the commercial sector might follow suit soon, too.