CISA published a guide on using Encrypted Domain Name System (DNS) for federal civilian agencies to improve cybersecurity and meet OMB Memorandum M-22-09 requirements.
Traditionally, the DNS protocol didn’t have ways to make sure requests and responses were confidential, secure, or authentic. However, the M-22-09 guideline requires agencies to encrypt DNS traffic and use CISA’s Protective DNS capability for egress DNS resolution. This guide will help agencies implement technical capabilities for their networks, DNS infrastructure, on-premises endpoints, cloud deployments, and mobile devices.
By infosecbulletin
/ Friday , September 13 2024
Intel announced over 20 vulnerabilities in its processors and products in security advisories released on Tuesday. The chip giant has...
Read More
By infosecbulletin
/ Friday , September 13 2024
GitLab released security updates on Wednesday to fix 17 vulnerabilities, including a critical issue that lets attackers run pipeline jobs...
Read More
By infosecbulletin
/ Friday , September 13 2024
Fortinet confirmed a data breach after a threat actor claimed to have stolen 440GB of files from its Microsoft SharePoint...
Read More
By infosecbulletin
/ Thursday , September 12 2024
Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert for android devices on September 11, 2024 highlighting the vulnerabilities...
Read More
By infosecbulletin
/ Thursday , September 12 2024
Because of disclosing incorrect and negative data, The Consumer Financial Protection Bureau (CFPB) on Wednesday fined TD Bank, one of...
Read More
By infosecbulletin
/ Thursday , September 12 2024
Bangladesh secure prestigious role-model position in the latest ITU cyber security index published by ITU. Bangladesh ranks among the top...
Read More
By infosecbulletin
/ Thursday , September 12 2024
Threatdown Managed Detection and Response (MDR) team has discovered the RansomHub ransomware gang using a new attack method wityh two...
Read More
By infosecbulletin
/ Wednesday , September 11 2024
India is to make 5,000 cyber commandos over the next five years to deal with cybercrimes in India, said Home...
Read More
By infosecbulletin
/ Wednesday , September 11 2024
In August, Cybersecurity researchers identified 21 new ransomware variants that threaten indivisual and business. Cybercriminals are improving their tactics, making...
Read More
By infosecbulletin
/ Wednesday , September 11 2024
Microsoft patched September 2024 Tuesday addressing 79 vulnerabilities, including four actively exploited zero-days which covers critical flaws in Windows Installer,...
Read More
“As the operational lead for federal cybersecurity, CISA developed this guide to assist federal agencies with understanding and implementing key actions and protocols to begin encrypting DNS traffic,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “This guide will help agencies progress further in their zero trust security journey. CISA continues our efforts and collaboration with agencies to modernize federal agency cybersecurity successfully and securely.”
This document provides resources to help agency personnel understand the requirements and engage in the transition work. It includes a high-level implementation checklist, recommendations for phased implementation, and technical guidance. Implementing encrypted DNS will align civilian agencies’ security architecture with zero trust principles.
This guide is for federal agencies, but all organizations are encouraged to use it as a benchmark for applying zero trust efforts.