9.2: Use DNS Filtering Services
Use DNS filtering services on all enterprise assets to block access to known malicious domains.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Protect |
1, 2, 3 |
Dependencies
Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
Safeguard 4.1: Establish and Maintain a Secure Configuration Process
Inputs
GV1: Enterprise asset inventoryGV5: Authorized software inventoryGV3: Configuration standards
Operations
Use
GV1to identify and enumerate assets that support DNS filtering (M1)Use
GV5to identify and enumerate authorized DNS filtering services- For each asset identified in Operation 1 check to see if it is configured properly
GV3to support authorized DNS filtering services from Operation 2 Identify and enumerate assets properly configured (M2)
Identify and enumerate assets not properly configured (M3)
- For each asset identified in Operation 1 check to see if it is configured properly
Measures
M1 = Count of enterprise assets capable of supporting DNS filtering
M2 = Count of assets properly configured to support DNS filtering
M3 = Count of assets not properly configured to support DNS filtering
Metrics
DNS Filtering Coverage
Metric |
The percentage of assets configured to use authorized DNS filtering services
|
Calculation |
|