NIST, in collaboration with Sparta, DHS and the dnssec-deployment.org initiative, host occasional hands-on, policy-to-practice, DNS security workshops for USG DNS operators. The workshops are aimed to help USG network operators understand, pilot and deploy DNSSEC technologies in accordance with recent NIST technical guidance and FISMA policies. Participants will be lead through hands-on tutorials on the technologies, tools, policies and practices necessary for successful DNSSEC deployment in .gov domains. As part of the workshops, participants will establish pilot domains in the standing Secure Naming Infrastructure Pilot (SNIP) testbed (http://www.dnsops.gov). It is envisioned that USG DNS operators will continue to participate in the SNIP testbed activities following the workshop.
In December 2006, the U.S. National Institute of Standards and Technology (NIST) has announced the release of Special Publication 800-53, Revision 1, Recommended Security Controls for Federal Information Systems. The guidance includes a plan for staged deployment of DNSSEC technology within federal IT systems, and specifies the mandatory minimum security controls necessary to comply with Federal Information Processing Standards (FIPS) required by the FISMA legislation. A revision of Special Publication 800-53A Guide for Assessing the Security Controls in Federal Information Systems (third public draft) that addresses corresponding DNSSEC assessment guides is currently under development.
The most recent workshop was held on the NIST campus in May 2008. The next workshop does not have a date yet, but is projected to be in Fall of 2008. If you are instrested in future workshops, potential participants should send an email to mailto:dnssec-workshop@antd.nist.gov
Advance knowledge of DNSSEC is not required, but basic knowledge of DNS, BIND, and Linux will be assumed. It is helpful (but not required) that attendees to be familiar with the following:
First Day
Securing Zone Transfers using TSIG
DNSSEC key generation
Zone Signing and forming chains of authentication
Day Two
Key rollovers
Tool demos and DNSSEC enabled application presentations
Participates are urged to send an email to: dnssec-workshop@antd.nist.gov with the following information:
Name
Affiliation
Contact information (phone and email is sufficient)
Zones under administration
US Citizenship Status (for NIST visitor badge)
Last updated 16/06/2008. Questions
or comments should be sent to dnssec-workshop@antd.nist.gov