In January 2020, the US Department of Defense (DoD) released the first version of its Cybersecurity Maturity Model Certification (CMMC) standard. Starting December 2020, DoD contractors will be required to be accredited to the standard. Comply with DNS Filtering requirements for different cyber maturity levels with DigitalStakeout PDNS.
Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard for DoD acquisitions. The CMMC framework comes with a CMMC assessment and certification program to verify the implementation of security requirements, processes and practices.
The CMMC framework contains five maturity processes, 171 cybersecurity best practices, and progresses across five maturity levels. The CMMC maturity processes standardize consistent, repeatable, and quality activities. The CMMC practices provide a range of mitigation across the levels, starting with basic safeguards at Level 1, broad protection at Level 3, and risk reduction from adversaries with sophisticated levels of expertise and significant resources, Advanced Persistent Threats (APTs) at Levels 4 and 5.
The CMMC provides a roadmap for organizations doing business with the Department of Defense (DoD) to increase their security and to protect the DoD supply chain. The CMMC aims to establish the appropriate levels of security controls, and processes are in place to protect controlled unclassified information (CUI) on defense contractor systems. The CMMC institutionalizes cybersecurity and good cyber hygiene in organizations, so cyber defense activities are embedded or ingrained in an organization’s operations. The CMMC maturity levels set a measure of an organization’s CMMC institutionalization.
DigitalStakeout Protective DNS will enable you to achieve compliance at different certification levels.
SC.1.175 requires organizations to “monitor, control, and protect organizational communications at the external boundaries and key internal boundaries of information systems.”
Since the DNS protocol is a fundamental function of system communication, a DNS firewall enables your organization to protect and control all aspects of DNS communication at external boundaries.
If you require Level 3 of compliance or greater and don’t have a DNS firewall or DNS filtering protecting static IP sites and remote endpoints, you need to Get Started with getting DigitalStakeout PDNS deployed.
SC.3.192 requires organizations to implement Domain Name System (DNS) filtering services. The requirement is security-oriented and not content-oriented. This requirement intends to reduce the organization’s attack surface and should materially reduce the possible number of domains and networks DNS will allow. DigitalStakeout PDNS default block policy option, proprietary zero-trust policy option, and geographic policies properly address this requirement.
SC.4.199 requires organizations to utilize threat intelligence to block DNS requests from reaching malicious domains. With 10+ real-time security intelligence-driven categories, DigitalStakeout PDNS delivers continuous protection from malicious domains used in ransomware, phishing, malware, and other cyber threats.
SC.4.229 requires organizations to utilize a URL categorization service and implement techniques to enforce URL filtering of websites that are not approved by the organization. With security-oriented content categories, DigitalStakeout PDNS prevents access to high-risk websites such as Covid-19 scam websites and Pornographic sites. Organizations can create custom block and allow lists enforce granular control access to a minimal amount of necessary websites to conduct business.
SC.5.198 requires organizations to configure monitoring systems to record packets passing through the organization’s Internet network boundaries and other organizationally defined boundaries. DigitalStakeout PDNS logging assures you maintain compliance with this requirement. Whether your DNS requests come from a static network or an off-network browser uses DoH, DigitalStakeout PDNS logs, and stores all DNS requests for review and threat analysis.