In January 2020, the US Department of Defense (DoD) released the first version of its
Cybersecurity Maturity Model Certification (CMMC) standard. Starting December 2020, DoD
contractors will be required to be accredited to the standard. Comply with DNS Filtering requirements for different
cyber maturity levels with DigitalStakeout PDNS.
Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard for DoD
acquisitions. The CMMC framework comes with a CMMC assessment and certification program to
verify the implementation of security requirements, processes and practices.
The CMMC framework contains five maturity processes and 171 cybersecurity best practices, and
progresses across five maturity levels. The CMMC maturity processes standardize consistent,
repeatable, and quality activities. The CMMC practices provide a range of mitigation across the
levels, starting with basic safeguards at Level 1, broad protection at Level 3, and, at Levels 4
and 5, risk reduction from Advanced Persistent Threats (APTs), adversaries with sophisticated
levels of expertise and significant resources.
The CMMC provides a roadmap for organizations doing business with the Department of Defense
(DoD) to increase their security and to protect the DoD supply chain. The CMMC aims to ensure
that the appropriate levels of security controls and processes are in place to protect controlled
unclassified information (CUI) on defense contractor systems. The CMMC institutionalizes
cybersecurity and good cyber hygiene in organizations, so cyber defense activities are embedded
or ingrained in an organization’s operations. The CMMC maturity levels set a measure of an
organization’s CMMC institutionalization.
DigitalStakeout Protective DNS will enable you to
achieve compliance at different certification levels.
SC.1.175 requires organizations to “monitor, control, and protect organizational
communications at the external boundaries and key internal boundaries of information
Since the DNS protocol is a fundamental function of system communication, a DNS firewall
enables your organization to protect and control all aspects of DNS communication at
If you require Level 3 compliance or greater and don’t have a DNS firewall or DNS filtering
protecting static IP sites and remote endpoints, you need to get started with deploying
DigitalStakeout PDNS.
SC.3.192 requires organizations to implement Domain Name System (DNS) filtering
services. The requirement is security-oriented and not content-oriented. This requirement
intends to reduce the organization’s attack surface and should materially reduce the possible
number of domains and networks DNS will allow. DigitalStakeout PDNS default block policy option,
proprietary zero-trust policy option, and geographic policies properly address this
SC.4.199 requires organizations to utilize threat intelligence to block DNS requests
from reaching malicious domains. With 10+ real-time security intelligence-driven categories,
DigitalStakeout PDNS delivers continuous protection from malicious domains used in ransomware, phishing,
malware, and other cyber threats.
SC.4.229 requires organizations to utilize a URL categorization service and implement
techniques to enforce URL filtering of websites that are not approved by the organization. With
security-oriented content categories, DigitalStakeout PDNS prevents access to high-risk websites such as
Covid-19 scam websites and pornographic sites. Organizations can create custom block and allow
lists to enforce granular control of access to a minimal number of necessary websites to conduct
SC.5.198 requires organizations to configure monitoring systems to record packets
passing through the organization’s Internet network boundaries and other organizationally
defined boundaries. DigitalStakeout PDNS logging ensures you maintain compliance with this requirement.
Whether your DNS requests come from a static network or an off-network browser that uses DoH,
DigitalStakeout PDNS logs and stores all DNS requests for review and threat analysis.