CMMC Practice SC.3.192

Implement Domain Name System (DNS) filtering services.

Source

CMMC Version 1.02, pg. 265

Bold Coast Security Guidance

Internet filtering technology is readily available to ensure your users are protected from malicious and/or inappropriate content without the burden of choice. It can be a stand-alone system or part of a subscription from your firewall or anti-malware vendor. In either case, configuration consists of blacklists (explicitly disallowed sites and services) and whitelists (explicitly allowed sites and services). For Level 3 compliance, there must be a formal plan to enact formally documented policy statements.
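The blacklist/whitelist decision a DNS filter makes for each query can be sketched as follows. This is an added example, not code from CMMC, CIS, or any vendor product; the domain names are constructed, and the precedence rule (the more specific entry wins, ties block) is an assumption that your documented policy should state explicitly.

```python
"""DNS filter decision logic (added example; list entries are constructed)."""
from typing import Optional, Set, Tuple

BLACKLIST = {"badcdn.example", "tracker.ads.example"}   # explicitly disallowed
WHITELIST = {"updates.badcdn.example", "corp.example"}  # explicitly allowed


def normalize(qname: str) -> str:
    """Lower-case and drop the root dot so 'Bad.Example.' equals 'bad.example'."""
    return qname.strip().rstrip(".").lower()


def best_match(name: str, entries: Set[str]) -> Optional[str]:
    """Return the longest entry that equals name or is a parent domain of it.

    Walking label by label keeps matches on label boundaries, so
    'notbadcdn.example' never matches the entry 'badcdn.example'.
    """
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in entries:
            return candidate
    return None


def decide(qname: str, default: str = "allow") -> Tuple[str, Optional[str]]:
    """Return (action, matching_rule); default='block' gives whitelist-only mode."""
    name = normalize(qname)
    allow = best_match(name, WHITELIST)
    block = best_match(name, BLACKLIST)
    if allow and block:
        # Assumed precedence: the more specific (longer) entry wins; ties block.
        if len(allow.split(".")) > len(block.split(".")):
            return ("allow", allow)
        return ("block", block)
    if block:
        return ("block", block)
    if allow:
        return ("allow", allow)
    return (default, None)  # no rule matched: fall back to the policy default


if __name__ == "__main__":
    for q in ["cdn1.BadCDN.example.", "updates.badcdn.example",
              "notbadcdn.example", "intranet.corp.example", "unknown.example"]:
        print(f"{q:26} default-allow={decide(q)} default-block={decide(q, 'block')}")
```

Returning the matching rule alongside the action gives each block or allow decision a traceable entry, which helps when mapping filter behavior back to the documented policy statements.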

Discussion From Source

CIS CONTROLS V7.1

Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with web browsers and email systems. Web browsers and email clients are very common points of entry and attack because of their technical complexity, flexibility, and their direct interaction with users and with other systems and websites. Content can be crafted to entice or spoof users into taking actions that greatly increase risk and allow introduction of malicious code, loss of valuable data, and other attacks. Since these applications are the main means that users interact with untrusted environments, these are potential targets for both code exploitation and social engineering.

This practice is based on the following CIS control: 7.7 Use Domain Name System (DNS) filtering services to help block access to known malicious domains.
