Ensure that your Amazon Route 53 registered domains are locked to prevent any unauthorized transfers to another domain name registrar. To protect your domain names against unauthorized transfer, your registered/transferred domains must have the Transfer Lock feature enabled. The feature sets the "clientTransferProhibited" flag, a registry setting enabled by the registrar that forces all transfer requests to be rejected automatically.
This rule can help you with the following compliance standards:
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Enabling transfer locking for the domain names registered with Amazon Route 53 or transferred to Route 53 provides extra protection against domain hijacking.
Audit
To determine if the Transfer Lock feature is enabled for all your registered domains, perform the following actions:
Remediation / Resolution
To reconfigure the domain names registered with Amazon Route 53 in order to enable the Transfer Lock feature, perform the following actions:
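The audit check and the remediation call can be scripted together. The following is an added example, not Conformity's own code: it assumes boto3 is installed with credentials allowed to call the route53domains API, and the function names (`list_registered_domains`, `find_unlocked_domains`, `remediate`) are hypothetical.

```python
"""Added example: audit Route 53 registered domains for Transfer Lock."""

LOCK_STATUS = "clientTransferProhibited"  # status flag set by Transfer Lock


def list_registered_domains(client):
    """Yield every domain summary, following NextPageMarker pagination."""
    kwargs = {}
    while True:
        page = client.list_domains(**kwargs)
        yield from page.get("Domains", [])
        marker = page.get("NextPageMarker")
        if not marker:
            return
        kwargs = {"Marker": marker}


def find_unlocked_domains(client):
    """Return names of domains whose transfers are not prohibited.

    A domain is reported when list-domains shows TransferLock as false or
    when get-domain-detail does not list clientTransferProhibited.
    """
    unlocked = []
    for summary in list_registered_domains(client):
        name = summary["DomainName"]
        statuses = client.get_domain_detail(DomainName=name).get("StatusList", [])
        locked = any(LOCK_STATUS in status for status in statuses)
        if not summary.get("TransferLock") or not locked:
            unlocked.append(name)
    return unlocked


def remediate(client, domains, dry_run=True):
    """Enable Transfer Lock on each domain; return {domain: operation id}."""
    results = {}
    for name in domains:
        if dry_run:
            results[name] = None  # report only, no API call is made
        else:
            resp = client.enable_domain_transfer_lock(DomainName=name)
            results[name] = resp["OperationId"]
    return results


if __name__ == "__main__":
    import boto3  # imported here so the functions above work with any client

    # Assumption: the Route 53 Domains API is called through us-east-1.
    r53d = boto3.client("route53domains", region_name="us-east-1")
    for domain in find_unlocked_domains(r53d):
        print("Transfer Lock NOT enabled:", domain)
```

`remediate` defaults to a dry run; pass `dry_run=False` only after reviewing the list returned by `find_unlocked_domains`.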
References
- AWS Documentation
  - Amazon Route 53 FAQs
  - Editing Contact Information and Other Settings for a Domain
  - Viewing the Status of a Domain Transfer
- AWS Command Line Interface (CLI) Documentation
  - route53domains
  - list-domains
  - get-domain-detail
  - enable-domain-transfer-lock