[dnssec-coord] HKMA developed a Cyber Fortification Initiative (CFI) which demands DNSSEC

Daniel Stirnimann daniel.stirnimann at switch.ch
Wed Dec 7 05:22:57 PST 2016

Dear all,

I have been made aware that the Hong Kong Monetary Authority (HKMA) has
developed a Cyber Fortification Initiative (CFI). As far as I know this
document applies to financial institutions in Hong Kong only.

One component of this initiative, the Cyber Resilience Assessment
Framework (C-RAF) has a list of security controls and one of them is:

"Domain Name System Security Extensions (DNSSEC) is deployed across the

I'm not sure if the above states that DNSSEC validation is needed or
that the enterprise needs to sign their zones. In any case, this seems
to have already made the rounds to some Swiss banks which are doing
business in Hong Kong and which are now looking into DNSSEC signing
their zone (or at least their .hk domain).

Daniel, SWITCH

More information about the dnssec-coord mailing list