CMMC Compliance for DNS Filtering

In January 2020, the US Department of Defense (DoD) released the first version of its Cybersecurity Maturity Model Certification (CMMC) standard. Starting December 2020, DoD contractors will be required to be accredited to the standard. Comply with DNS Filtering requirements for different cyber maturity levels with DigitalStakeout PDNS.

What is the CMMC?

Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard for DoD acquisitions. The CMMC framework comes with a CMMC assessment and certification program to verify the implementation of security requirements, processes and practices.

The CMMC framework contains five maturity processes and 171 cybersecurity best practices, and progresses across five maturity levels. The CMMC maturity processes standardize consistent, repeatable, and quality activities. The CMMC practices provide a range of mitigation across the levels, starting with basic safeguards at Level 1, moving to broad protection at Level 3, and reaching, at Levels 4 and 5, risk reduction against Advanced Persistent Threats (APTs): adversaries with sophisticated levels of expertise and significant resources.

What The CMMC Accomplishes

The CMMC provides a roadmap for organizations doing business with the Department of Defense (DoD) to increase their security and to protect the DoD supply chain. The CMMC aims to ensure that the appropriate levels of security controls and processes are in place to protect controlled unclassified information (CUI) on defense contractor systems. The CMMC institutionalizes cybersecurity and good cyber hygiene in organizations, so cyber defense activities are embedded or ingrained in an organization’s operations. The CMMC maturity levels set a measure of an organization’s CMMC institutionalization.

What is the CMMC Compliance Timetable?

  • The release of the first version of the CMMC was in January 2020.
  • In June 2020, the industry should expect to see CMMC requirements in Requests for Information (RFIs).
  • In September 2020, contractors should see CMMC requirements as part of Requests for Proposals (RFPs).
  • After December 2020, CMMC audits begin. Prime contractors will need to be certified by an accredited Third Party Assessment Organization (C3PAO) to bid on new RFPs.

How DigitalStakeout PDNS Helps You Achieve CMMC Compliance

DigitalStakeout Protective DNS will enable you to achieve compliance at different certification levels.

Level 1: Safeguard Federal Contract Information (FCI)

Level 1 - SC.1.175

SC.1.175 requires organizations to “monitor, control, and protect organizational communications at the external boundaries and key internal boundaries of information systems.”

Since the DNS protocol is a fundamental function of system communication, a DNS firewall enables your organization to protect and control all aspects of DNS communication at external boundaries.

Level 3: Protect Controlled Unclassified Information (CUI)

If you require Level 3 of compliance or greater and don’t have a DNS firewall or DNS filtering protecting static IP sites and remote endpoints, you need to get DigitalStakeout PDNS deployed.

Level 3 - SC.3.192

SC.3.192 requires organizations to implement Domain Name System (DNS) filtering services. The requirement is security-oriented and not content-oriented. This requirement intends to reduce the organization’s attack surface and should materially reduce the possible number of domains and networks DNS will allow. The DigitalStakeout PDNS default block policy option, proprietary zero-trust policy option, and geographic policies properly address this requirement.

Levels 4-5: Protect CUI and Reduce Risk of Advanced Persistent Threats (APT)

Level 4 - SC.4.199

SC.4.199 requires organizations to utilize threat intelligence to block DNS requests from reaching malicious domains. With 10+ real-time security intelligence-driven categories, DigitalStakeout PDNS delivers continuous protection from malicious domains used in ransomware, phishing, malware, and other cyber threats.

Level 4 - SC.4.229

SC.4.229 requires organizations to utilize a URL categorization service and implement techniques to enforce URL filtering of websites that are not approved by the organization. With security-oriented content categories, DigitalStakeout PDNS prevents access to high-risk websites such as Covid-19 scam websites and pornographic sites. Organizations can create custom block and allow lists to enforce granular control, limiting access to the minimal number of websites necessary to conduct business.

Level 5 - SC.5.198

SC.5.198 requires organizations to configure monitoring systems to record packets passing through the organization’s Internet network boundaries and other organizationally defined boundaries. DigitalStakeout PDNS logging ensures you maintain compliance with this requirement. Whether your DNS requests come from a static network or from an off-network browser that uses DoH, DigitalStakeout PDNS logs and stores all DNS requests for review and threat analysis.