CMMC Practice SC.4.199

Utilize threat intelligence to proactively block DNS requests from reaching malicious domains.


CMMC Version 1.02, pg. 270

Bold Coast Security Guidance

This practice is going to have some automated and manual components. Several vendors offer managed services for which blacklists are integral to avoiding danger. Also, threat intelligence sources will produce more industry-specific examples, more current or related to specific incidents happening at organizations that participate in an information sharing practice which includes membership in an ISAC. Specific to this industry, membership in the ND-ISAC is a must at this level of maturity. This practice at Level 4 requires formal policy and plans to enact the policy requirements, as well as measurements of the controls to ensure they are performing as intended.

Discussion From Source

CMMC Threat intelligence can provide information on known, bad domain names. Using that information to prevent access by blocking DNS requests for those domains is one way to prevent an organization from being attacked with watering hole attacks or malicious downloads.