Configure the network to limit zone transfers to trusted servers.


CONTROL ID
01876
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Secure the Domain Name System., CC ID: 00540

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Network access controls are implemented to limit traffic within and between network segments to only those that are required for business purposes. (Security Control: 1182; Revision: 3, Australian Government Information Security Manual, March 2021)
  • The organization should implement network access controls to limit the traffic in and between network segments to only the ones required for business. (Control: 1182, Australian Government Information Security Manual: Controls)
  • Does the system disable zone transfers, except from authorized hosts? (App Table Active Content Filtering Row 2.f, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Limit zone transfers to trusted servers. (§ 3-15, MasterCard Electronic Commerce Security Architecture Best Practices, April 2003)
  • Internal Domain Name Server servers should be configured to forward non-resolved requests to a Domain Name Server located on a protected Demilitarized Zone. (Critical Control 19.6, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • Network environments shall be designed and configured to restrict connections between trusted and untrusted networks and reviewed at planned intervals, documenting the business justification for use of all services, protocols, and ports allowed, including rationale or compensating controls implement… (SA-08, The Cloud Security Alliance Controls Matrix, Version 1.3)
  • Are internal addresses allowed to enter the router from internal interfaces only? (IT - Routers Q 43, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • When transferring information between different security domains, prevent the transfer of failed content to the receiving domain. (AC-4(31) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • When transferring information between different security domains, prevent the transfer of failed content to the receiving domain. (AC-4(31) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)