Cybersecurity and Infrastructure Security Agency (CISA) New Guidance Published May 16

CISA published Encrypted Domain Name System (DNS) Implementation Guidance to help federal civilian agencies meet requirements for encrypting DNS traffic and enhance the cybersecurity posture of their information technology networks, in alignment with the Office of Management and Budget (OMB) Memorandum M-22-09, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles, and the National Cybersecurity Strategy.

Traditionally, the DNS protocol has not supported methods for ensuring the confidentiality, integrity, or authenticity of requests for information or of the responses. M-22-09 specifically calls for agencies to encrypt DNS traffic where technically feasible, while statutory mandates require agencies to use CISA’s Protective DNS capability for egress DNS resolution.

This guide will assist agencies with implementation of currently feasible technical capabilities for agency networks, DNS infrastructure, on-premises endpoints, cloud deployments, and roaming, nomadic, and mobile endpoints.  

While this guide is intended for federal agencies, all organizations are encouraged to review it as a benchmark for appropriate, applicable steps they can apply to advance their own zero trust efforts.  

For more information, please visit: Zero Trust Maturity Model