DNSSEC Risk Vector: Core Overview

Ingrid

The DNSSEC Risk Vector determines whether a company is using the DNSSEC protocol, which uses public key cryptography to authenticate DNS servers, and then assesses the effectiveness of its configuration.

Risk Category: Diligence
Default Grade: C
Current Rating Impact: This vector is currently being evaluated. While it is graded, it does not yet affect your overall Bitsight Security Rating.
Finding Lifetime: 60 Days (the duration a finding impacts your grade if no changes occur)
Scan Cadence: Automated every 2 weeks (or ~3 days via user-requested rescan)
Eligible for Instant Reply? No.

While not an industry standard, the DNSSEC risk vector is assessed because it secures DNS resolvers against forged data. By employing public key cryptography to sign zones and domains, this technology verifies record authenticity and shields users from malicious redirects during domain name lookups. For more information, see this list of registrars that support end-user DNSSEC management.

What is DNSSEC?

Domain Name System Security Extensions (DNSSEC) protect users from malicious redirects by using public key cryptography to sign DNS records. This ensures that the data your DNS resolver receives is authentic and has not been tampered with.

How is the DNSSEC Risk Vector graded?

Bitsight evaluates DNSSEC based on the strength of the encryption and the validity of the trust chain. Click here to learn more about specific DNSSEC Findings and how they affect your Bitsight rating.

June 25, 2025: Finding behavior grouped by rescan statuses.
March 25, 2024: “No findings/low findings” changed to “insufficient data.”
August 16, 2023: New Grading & Finding Behavior sections.
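
One link in the trust chain mentioned under "How is the DNSSEC Risk Vector graded?" is the DS record in the parent zone, which must commit to a DNSKEY in the child zone. The Python below is an added example, not Bitsight's scanner or grading logic; the function names, the example.com owner name and the sample key are constructed for illustration, and rejecting SHA-1 digests is a policy assumption of the example.

```python
import hashlib
import struct

# DS digest types accepted here: 2 = SHA-256, 4 = SHA-384. Rejecting type 1
# (SHA-1) is a policy choice of this example, not a rule stated on the page.
DIGESTS = {2: hashlib.sha256, 4: hashlib.sha384}

def name_to_wire(name):
    """Canonical lowercase wire form of an owner name (RFC 4034, 6.2)."""
    labels = [part for part in name.lower().split(".") if part]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata, digest_type=2):
    """Build the (key tag, algorithm, digest type, digest) a parent publishes."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], digest_type, digest)

def ds_matches(owner, ds, rdata):
    """True only if the parent's DS record commits to this child DNSKEY."""
    tag, algorithm, digest_type, digest = ds
    if digest_type not in DIGESTS:
        return False                      # unknown or rejected digest type
    flags = struct.unpack("!H", rdata[:2])[0]
    if not flags & 0x0100:
        return False                      # Zone Key bit must be set
    expected = (tag, algorithm, digest_type, digest.lower())
    return make_ds(owner, rdata, digest_type) == expected

# Constructed sample data: flags 257 (KSK), algorithm 13, and a 64-byte
# placeholder key that is not a real curve point.
SAMPLE_KSK = dnskey_rdata(257, 13, bytes(range(64)))
SAMPLE_DS = make_ds("example.com", SAMPLE_KSK)

if __name__ == "__main__":
    print("key tag:", key_tag(SAMPLE_KSK))
    print("DS matches DNSKEY:", ds_matches("example.com.", SAMPLE_DS, SAMPLE_KSK))
```

A DS record that matches no published DNSKEY breaks the chain even when every signature inside the zone is valid, which is why a key rollover has to update the parent's DS as well.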