7.7: Use of DNS Filtering Services

Sub-control 7.7 states that you must use Domain Name System (DNS) filtering services to help block access to known malicious domains.

Asset Type	Security Function	Implementation Groups
Network	Protect	1, 2, 3

Dependencies

Sub-control 1.5: Maintain Asset Inventory Information

Inputs

Endpoint Inventory: The list of endpoints to be audited. This can pulled sub-control 1.5.
Accepted DNS services: The list of accepted DNS filtering services, such as Quad-9.

Operations

For each endpoint in I1, collect its DNS configuration setting. Note appropriately and inappropriately configured endpoints.

Measures

Measure	Definition
M1 = List of audited endpoints	A list of endpoints to be audited.
M2 = Count of items in M1	A count of the total number of items in M1.
M3 = List of appropriately configured endpoints	A list of endpoints that are configured correctly.
M4 = Count of items in M3	A count of the total number of items in M3.
M5 = List of inappropriately configured endpoints	A list of endpoints that are configured incorrectly.
M6 = Count of items in M5	A count of the total number of items in M5.

Metrics

DNS Filtering Coverage

Metric	Calculation
The ratio of endpoints configured to use accepted DNS filtering service compared to the total number of endpoints which utilize DNS.	M4 / M2

Traffic Analysis

Note: A second measurement could utilize traffic analysis to determine if any traffic is not being sent through the prescribed DNS services.

Copyright © 2023 Tenable, Inc. All rights reserved. Tenable, Tenable Nessus, Tenable Lumin, Assure, and the Tenable logo are registered trademarks of Tenable, Inc. or its affiliates. All other products or services are trademarks of their respective owners.