Use Case 4: Compliance

DNS is an essential part of regulatory compliance

Compliance doesn't have to be complicated

Regulatory compliance is a drag – we get it. That’s why BlueCat’s DNS solutions are built to make it easy to check the compliance box.

Take DNSSEC for example. It’s a requirement of NIST 800-53 (and by extension the RMF, NIST 800-171, and all the other NIST-based standards out there).

Implementing DNSSEC through Microsoft DNS is a pain in the neck. First, you sign a zone and verify that the signing scheme is operating correctly. Then you use “trust anchors” to distribute that signing scheme to the child zones. Unfortunately, those “trust anchors” won’t automatically adjust themselves when the parent zone is re-signed, requiring network administrators to constantly re-distribute “trust anchors” to the child zones when the parent signatures change.

Maybe you use BIND. Welcome to another world of compliance pain. BIND requires a series of onerous command-line changes to configure each server. Generating the DNSSEC keys, attaching them to the relevant machines, and testing the infrastructure takes a lot of time. Then you have to do it for every parent and child server in the network – a significant drain on IT resources.

In BlueCat’s Enterprise DNS platform, implementing DNSSEC is literally as simple as checking a box. It’s that easy.

DNS Based Security: A New Model for FISMA Compliance

That’s just one example of how BlueCat’s DNS solutions simplify regulatory compliance issues – not only for NIST 800-53, but also for the CIS SANS controls, PCI-DSS, HIPAA, FISMA, and the whole rest of the alphabet soup.

Take a look at our eBook if you want additional detail, and then contact us for a conversation about the role of DNS in your regulatory compliance requirements.