SFC: DNS Registrar | Security Alliance — Security Checklist

Domain registration security, DNS configuration, access control, and monitoring.
Org:
Owner:
Date:

1. Governance & Domain Management

  • Domain Security Owner
    Is there a clearly designated person or team accountable for domain security?
  • Domain Inventory and Documentation
    Do you maintain a complete, current record of all your domains and their configurations?
Notes:

2. Risk Assessment & Classification

  • Domain Classification and Compliance
    Do you classify your domains by risk level and verify they meet the security requirements for their classification?
  • Enterprise Registrar Security Requirements
    Do you use a registrar with enterprise-grade security for your critical domains?
Notes:

3. Access Control & Authentication

  • Registrar Access Control
    Do you control and secure access to domain registrar and DNS management accounts?
  • Dedicated Domain Security Contact Email
    Is your domain security contact email independent of the domains it protects?
  • Change Management for Domain Operations
    Do you have change management procedures for critical domain operations?
Notes:

4. Technical Security Controls

  • DNS Security Standards
    Do you enforce DNS security standards across all your domains?
  • Email Authentication Standards
    Do you enforce email authentication standards and monitor for violations?
  • Domain Lock Implementation
    Do you use domain locks to prevent unauthorized transfers and changes?
  • TLS Certificate Lifecycle Management
    Do you manage the full lifecycle of your TLS certificates?
Notes:

5. Monitoring & Detection

  • Domain and DNS Monitoring
    Do you monitor your domains for unauthorized changes to DNS records, registration status, and security settings?
  • Certificate Transparency Monitoring
    Do you monitor Certificate Transparency logs for unauthorized certificates issued for your domains?
  • Domain Expiration Prevention
    Do you actively prevent domain expiration?
Notes:

6. Incident Response

  • Alerting and Emergency Contacts
    Do you have alerting and emergency contacts in place for domain security incidents?
  • Domain Incident Response Plan
    Do you have an incident response plan for domain hijacking and DNS compromise?
Notes: