- September 11, 2023: Separated finding messages.
- April 19, 2023: 2023 RAU risk category weight adjustment.
- October 20, 2021: Ratings Algorithm Update 2021.
For the DNSSEC risk vector, we look at a variety of criteria when determining the effectiveness of a Domain Name System Security Extensions (DNSSEC) record. Without DNSSEC configured, some data from the DNS server may not be secure.
Though DNSSEC is not standard in the industry, this risk vector is evaluated since DNSSEC protects DNS resolvers from receiving bad data by using public key encryption to sign domains or other zones to ensure authenticity of records. In short, this technology helps to protect everyday users from malicious redirects when looking up domain names. Refer to the list of registrars that support end-user DNSSEC management.
|Field||Description||Details & Values|
|Finding Behavior||How findings behave, depending on the action taken.||Impact is immediate.|
|Lifetime||The number of days a finding will impact the risk vector grade, assuming nothing changes in the future and the finding is not updated with new information. Learn why findings have a decay and lifetime period.||60 Days|
|No Findings||The letter grade if there are no findings for this risk vector.||
– “C (Beta)” Letter Grade
This risk vector does not currently affect security ratings. It is being evaluated for a period before being factored into Bitsight Security Ratings.
|Refresh||The Bitsight platform regularly checks for new observations. Bitsight findings are updated as these observations change, e.g., newly observed Diligence findings or an existing finding was remediated.|
|Automated Scan Duration||The duration of a regularly scheduled finding refresh, as the Bitsight platform checks for new observations.||2 Weeks|
|User-Requested Refresh Duration||The duration of a user-requested refresh, which initiates a refresh of eligible findings upon request. This is recommended when a change in the finding is expected, such as when a finding has been remediated.||1 Business Day|
|Weight||Out of 70.5% in Diligence.||Not Applicable|
DNSSEC findings are evaluated and then graded as GOOD, WARN, BAD, or NEUTRAL. See finding messages: