4.9: Configure Trusted DNS Servers on Enterprise Assets¶

Configure trusted DNS servers on enterprise assets. Example implementations include: configuring assets to use enterprise-controlled DNS servers and/or reputable externally accessible DNS servers.

Asset Type	Security Function	Implementation Groups
Devices	Protect	2, 3

Dependencies¶

Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
Safeguard 4.1: Establish and Maintain a Secure Configuration Process

Inputs¶

GV1: Enterprise asset inventory
GV3: Configuration standard

Operations¶

Use GV1 to identify and enumerate authorizsed DNS servers (M1)
Use GV1 to identify and enumerate assets configured for authorized DNS servers (M2)
Use GV3 to check configuration of DNS servers identified on assets in Operation 2
1. Identify and enumerate assets with DNS servers that are properly configured (M3)
2. Identify and enumerate assets with DNS servers that are improperly configured (M4)

Measures¶

M1 = Count of authorized DNS servers
M2 = Count of enterprise assets configured for DNS servers
M3 = Count of assets with properly configured DNS servers
M4 = Count of assets with improperly configured DNS servers

Metrics¶

Coverage¶

Metric	The percentage of assets with properlyn configured DNS servers
Calculation	`M3 / M2`

4.9: Configure Trusted DNS Servers on Enterprise Assets¶

Dependencies¶

Inputs¶

Operations¶

Measures¶

Metrics¶

Coverage¶

CIS Controls Assessment Specification for Controls v8

Navigation

Related Topics