7.7: Use of DNS Filtering Services
Sub-control 7.7 states that you must use Domain Name System (DNS) filtering services to help block access to known malicious domains.
Asset Type | Security Function | Implementation Groups |
---|---|---|
Network | Protect | 1, 2, 3 |
Dependencies
- Sub-control 1.5: Maintain Asset Inventory Information
Inputs
-
Endpoint Inventory: The list of endpoints to be audited. This can pulled sub-control 1.5.
-
Accepted DNS services: The list of accepted DNS filtering services, such as Quad-9.
Operations
-
For each endpoint in I1, collect its DNS configuration setting. Note appropriately and inappropriately configured endpoints.
Measures
Measure | Definition |
---|---|
M1 = List of audited endpoints |
A list of endpoints to be audited. |
M2 = Count of items in M1 |
A count of the total number of items in M1. |
M3 = List of appropriately configured endpoints | A list of endpoints that are configured correctly. |
M4 = Count of items in M3 | A count of the total number of items in M3. |
M5 = List of inappropriately configured endpoints | A list of endpoints that are configured incorrectly. |
M6 = Count of items in M5 | A count of the total number of items in M5. |
Metrics
DNS Filtering Coverage
Metric | Calculation |
---|---|
The ratio of endpoints configured to use accepted DNS filtering service compared to the total number of endpoints which utilize DNS. | M4 / M2 |
Traffic Analysis