Hi All,
The NSA just published Selecting a Protective DNS Service.
Due to the centrality of DNS for cybersecurity, the Department of Defense (DoD) included DNS filtering as a requirement
in its Cybersecurity Maturity Model Certification (CMMC) standard (SC.3.192). The Cybersecurity and Infrastructure
Security Agency issued a memo and directive requiring U.S. government organizations to take steps to mitigate related
DNS issues. Additionally, the National Security Agency has published guidance documents on defending DNS [1, 2, 3].
This guidance outlines the benefits and risks of using a protective DNS service and assesses several commercial PDNS
providers based on reported capabilities. The assessment is meant to serve as information for organizations, not as
recommendations for provider selection. Users of these services must evaluate their architectures and specific needs
when choosing a service for PDNS and then validate that a provider meets those needs.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------