Ensure that your AWS Route 53 registered domains are locked to prevent unauthorized transfers to another domain name registrar. Your domain names must have the Transfer Lock feature enabled. This feature sets the clientTransferProhibited flag, a registry setting enabled by the registrar that forces all transfer requests to be rejected automatically.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Enabling transfer locking for domain names registered with or transferred to AWS Route 53 provides an extra layer of protection against domain hijacking.
To determine if your domain names have the Transfer Lock feature enabled, perform the following:
Remediation / Resolution
To update your AWS Route 53 domain names configuration and enable transfer locking, perform the following:
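One way to script both the check and the fix, as an added example that is not Cloud Conformity's own procedure: it uses the `list_domains`, `get_domain_detail` and `enable_domain_transfer_lock` operations of the boto3 `route53domains` client, which is served from the us-east-1 region only. `StubClient` and its two domains are constructed sample data so the block runs offline.

```python
LOCK_FLAG = "clientTransferProhibited"  # EPP status code named on this page


def audit_transfer_lock(client, remediate=False):
    """Return {domain: 'locked' | 'unlocked' | 'lock-requested'}."""
    results, kwargs = {}, {}
    while True:
        page = client.list_domains(**kwargs)  # ListDomains is paginated
        for summary in page.get("Domains", []):
            name = summary["DomainName"]
            # StatusList carries the registry's EPP codes; require the flag there too.
            detail = client.get_domain_detail(DomainName=name)
            if summary.get("TransferLock") and LOCK_FLAG in detail.get("StatusList", []):
                results[name] = "locked"
            elif remediate:
                client.enable_domain_transfer_lock(DomainName=name)
                results[name] = "lock-requested"
            else:
                results[name] = "unlocked"
        if not page.get("NextPageMarker"):
            return results
        kwargs = {"Marker": page["NextPageMarker"]}


class StubClient:
    """Constructed sample data standing in for boto3's route53domains client."""
    PAGES = {None: ({"DomainName": "example.com", "TransferLock": True}, "m1"),
             "m1": ({"DomainName": "example.org", "TransferLock": False}, None)}
    STATUS = {"example.com": [LOCK_FLAG], "example.org": ["ok"]}

    def __init__(self):
        self.lock_requests = []

    def list_domains(self, Marker=None):
        summary, next_marker = self.PAGES[Marker]
        return {"Domains": [summary], "NextPageMarker": next_marker}

    def get_domain_detail(self, DomainName):
        return {"StatusList": self.STATUS[DomainName]}

    def enable_domain_transfer_lock(self, DomainName):
        self.lock_requests.append(DomainName)


if __name__ == "__main__":
    # Offline run on the stub; for a real account pass
    # boto3.client("route53domains", region_name="us-east-1") instead.
    for domain, state in sorted(audit_transfer_lock(StubClient()).items()):
        print(f"{domain}\t{state}")
```

Enabling the lock is an asynchronous registrar operation, so a domain reported as `lock-requested` should be re-audited afterwards to confirm that the flag appears in its status list.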
You are auditing:
Route 53 Domain Transfer Lock
Risk level: Medium