Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks Special Publication 800 -119 NIST Special Public ation 800 -119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Tec hnology Sheila Frankel Richard Grave man John Pearce Mark Rooks C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899 -8930 December 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Sta ndards and Technology Dr. Patrick D. Gallagher, Director GUIDELINES FOR THE SECURE DEPLOYMENT OF IPV6 iii Reports on Computer Systems Technology The Information Technology Lab oratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing tec hnical leadership for the nation’s measurement and standards infrastructure. ITL d evelops tests, test methods, referenc e data, proof of concept implementations, and technical analysis to advance the deve lopment and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and g uidelines for the cost -effective security and privacy of sensitive unclassified information in Federal computer sy stems. This Special Publication 800 -series reports on ITL’s research, guidance, and outreach e fforts in computer security and its collaborati ve activities with industry, government, and ac ademic organizations. Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Sta ndards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the pu rpose. National Institute of Standards and Techn ology Special Publication 800 -119 Natl. Inst. Stand. Technol. Spec. Publ. 800 -119, 188 pages ( Dec. 2010 ) GUIDELINES FOR THE SECURE DEPLOYMENT OF IPV6 iv Acknowledg ments The authors, Sheila Frankel of the National Institute of Standards and Technology (NIST), Richard Graveman of RFG Security, John Pearce of Booz Allen Hamil ton and Mark Rooks of L -1 Identity Solutions (formerly of Booz Allen Hamilton) wish to thank their colleagues who reviewed drafts of this document and contributed to its technical content. The authors would like to acknowledge Tim Grance of NIST for his k een and insightful assistance and encouragement throughout the development of the document. The authors particularly want to thank Mark Carson , Doug Montgomery and Stephen Nightingale of NIST and Scott Hogg for their careful review and valuable contributi ons to improving the quality of this publication. The authors also appreciate the efforts of those individuals, agencies, and other organizations that contributed input during the public comment period, including John Baird, DREN; Alistair de B Clarkson, nCipher; Vint Cerf, Google; John Curran, ARIN; Terr y Davis, Boeing; Francois Donze and Michael Scott Pontillo, HP; Jeffrey Dunn, Chern Liou, and Jeffrey Finke, Mitre; Fernando Gont, the UK Centre for the Protection of National Infrastructure (UK CPNI); Bo b Grillo, US Army; Cecilia Hall, Don Radeke and Joseph Bertrand, USMC; J. Holland, David Leach, Sam Nguyen, M. Ro ed, Beth Scruggs, D. Wellington and Joe Williams, Aerospace Corp.; Ed Jankiewicz, SRI International; Ralph Kenyon, Caida; Lovell King II, Dept. of State; Joe Klein, IPv6 Security Researcher; Dan Lu