DNS Filtering and CMMC Compliance

Comply with DNS Filtering requirements for different cyber maturity levels with DigitalStakeout Securd.

What is the CMMC?

Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard for DoD acquisitions. The CMMC framework comes with a CMMC assessment and certification program to verify the implementation of security requirements, processes and practices.

The CMMC framework contains five maturity processes, 171 cybersecurity best practices, and progresses across five maturity levels. The CMMC maturity processes standardize consistent, repeatable, and quality activities. The CMMC practices provide a range of mitigation across the levels, starting with basic safeguards at Level 1, broad protection at Level 3, and risk reduction from adversaries with sophisticated levels of expertise and significant resources, Advanced Persistent Threats (APTs) at Levels 4 and 5.

What The CMMC Accomplishes

The CMMC provides a roadmap for organizations doing business with the Department of Defense (DoD) to increase their security and to protect the DoD supply chain. The CMMC aims to establish the appropriate levels of security controls, and processes are in place to protect controlled unclassified information (CUI) on defense contractor systems. The CMMC institutionalizes cybersecurity and good cyber hygiene in organizations, so cyber defense activities are embedded or ingrained in an organization’s operations. The CMMC maturity levels set a measure of an organization’s CMMC institutionalization.

What is the CMMC Compliance Timetable?

  • The release of the first version of the CMMC was in January 2020.
  • In June 2020, the industry should expect to see CMMC requirements in Requests for Information (RFIs).
  • In September 2020, contractors should see CMMC requirements as part of Requests for Proposals (RFPs).
  • After December 2020, CMMC audits begin. Prime contractors will need to be certified by an accredited Third Party Assessment Organization (C3PAO) to bid on new RFPs.

How Securd Helps You Achieve CMMC Compliance

Let’s review where DigitalStakeout Securd protective DNS will enable you to achieve compliance at different certification levels.

Level 1: Safeguard Federal Contract Information (FCI)

Level 1 (SC.1.175) requires organizations to “monitor, control, and protect organizational communications at the external boundaries and key internal boundaries of information systems.”

Since the DNS protocol is a fundamental function of system communication, a DNS firewall enables your organization to protect and control all aspects of DNS communication at external boundaries.

Level 3: Protect Controlled Unclassified Information (CUI)

If you require Level 3 of compliance or greater and don’t have a DNS firewall or DNS filtering protecting static IP sites and remote endpoints, you need to Get Started with getting Securd deployed.

Level 3 (SC.3.192) requires organizations to implement Domain Name System (DNS) filtering services. The requirement is security-oriented and not content-oriented. This requirement intends to reduce the organization’s attack surface and should materially reduce the possible number of domains and networks DNS will allow. Securd’s default block policy option, patent-pending zero-trust policy option, and geographic policies properly address this requirement.

Levels 4-5: Protect CUI and Reduce Risk of Advanced Persistent Threats (APT)

Level 4 (SC.4.199) requires organizations to utilize threat intelligence to block DNS requests from reaching malicious domains. With 10+ real-time security intelligence-driven categories, Securd delivers continuous protection from malicious domains used in ransomware, phishing, malware, and other cyber threats.

Level 4 (SC.4.229) requires organizations to utilize a URL categorization service and implement techniques to enforce URL filtering of websites that are not approved by the organization. With security-oriented content categories, Securd prevents access to high-risk websites such as Covid-19 scam websites and Pornographic sites. Organizations can create custom block and allow lists enforce granular control access to a minimal amount of necessary websites to conduct business.

Level 5 (SC.5.198) requires organizations to configure monitoring systems to record packets passing through the organization’s Internet network boundaries and other organizationally defined boundaries. Securd DNS logging assures you maintain compliance with this requirement. Whether your DNS requests come from a static network or an off-network browser uses DoH, Securd logs, and stores all DNS requests for review and threat analysis.

Get Started with DNS Filtering for Free

DigitalStakeout offers a free edition of Securd for organizations that need to comply with CMMC filtering requirements. This free DNS service replaces organization’s ISP-provided DNS or an existing recursive DNS service. DigitalStakeout Securd blocks lookups to malicious, compromised, and untrusted domains. Get started with protecting your first 10 endpoints for free and expand your protection with very affordable pricing.