SC.4.199 Utilize threat intelligence to proactively block DNS requests from reaching malicious domains.

CMMC Practice SC.4.199: Utilize threat intelligence to proactively block DNS requests from reaching malicious domains.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

As part of collecting threat intelligence from a variety of sources such as government, industry peer organizations, or commercial services, use the known, bad domain names to feed security mechanisms (e.g., DNS servers or firewalls). Implement checks in the organization’s system to ensure devices making DNS calls to malicious sites are blocked from getting to those sites. This practice explicitly requires the use of threat intelligence in its application. This differs from the DNS filtering in practice SC.3.192 that allows for other means of creating the filters.