US Government Users

References specifically for US government users of ISC open source

ISC is a Small Business open source software provider; we author and maintain BIND 9, ISC DHCP, and Kea DHCP, essential software that handles DNS and DHCP functionality across the Internet. Our software is the foundation for most of the domain name service and IP-address assignment on the Internet today. ISC can benefit the US government through our support and maintenance of your mission-critical Internet infrastructure.

According to The National Cyber Strategy of the United States of America, dated September 2018, “The responsibility to secure Federal networks — including Federal information systems and national security systems — falls squarely on the Federal Government.” (p. 6) “Information and communications technology (ICT) underlies every sector in America. ICT providers are in a unique position to detect, prevent, and mitigate risk before it impacts their customers, and the Federal Government must work with these providers to improve ICT security and resilience in a targeted and efficient manner.” (p. 9)

Executive Order 13800 - Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, issued May 11, 2017, states that “Known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies (agencies). Known vulnerabilities include using operating systems or hardware beyond the vendor’s support lifecycle, declining to implement a vendor’s security patch, or failing to execute security-specific configuration guidance.” In addition, the same document declares that “Agency heads will be held accountable by the President for implementing risk management measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data.”

Can you and your agency afford NOT to purchase maintenance and support services from ISC?

Several federal, state, and local government agencies and organizations already purchase software support services from ISC, because they know they can trust us to provide the security assistance they need.

How can ISC help the US government secure its mission-critical communications infrastructure?

One of our most valuable services, and one for which we are the sole source, is our Advance Security Notification (ASN) to alert subscribers to discovered vulnerabilities in ISC software.

The BIND 9 Security Vulnerability Matrix gives a detailed list of all known vulnerabilities in current versions of BIND 9. ASN subscribers receive advance notification of these vulnerabilities, which offers them valuable time to address any potential weaknesses before they become known to the general public.

We offer complete technical support services, including DNS audits and DNS/DHCP training. As the author, maintainer, and publisher of BIND 9, ISC DHCP, and Kea DHCP, we are the sole source that is capable of performing some of these services.

Please view ISC’s Capability Statement for more information, including our CAGE and NAICS codes.

Other references pertaining specifically to US government open source users

You may find some of these other sites and documents useful when considering ISC as a government partner.

Network Infrastructure Security Technical Implementation (STIG) Overview, 2 January 2019 (note discussion of IP-addressing approaches)

Domain Name System (DNS) Security Requirements Guide (SRG) 01/05/2015

DoD Open Source Software (OSS) FAQ web page:

“Open source software that has at least one non-governmental use, and has been or is available to the public, is commercial software. If it is already available to the public and is used unchanged, it is usually COTS.”

BIND DNS STIG, October 1, 2015

Google Group (mailing list) for Military Open Source Software