CISA Reveals Guidance For Implementation of Encrypted DNS Protocols


The Cybersecurity and Infrastructure Security Agency (CISA) has released a comprehensive document titled “Encrypted DNS Implementation Guidance,” providing detailed instructions for government agencies to enhance their cybersecurity through the adoption of encrypted Domain Name System (DNS) protocols.

Aligned with Memorandum M-22-09 from the Office of Management and Budget (OMB), which outlines a “zero trust” cybersecurity strategy for departments within the Federal Civilian Executive Branch (FCEB), this guidance aims to ensure that federal agencies meet the federal requirements for encrypting DNS data.

Key Points:

  • Released in April 2024, the document offers extensive guidance on complying with federal mandates regarding the encryption of DNS data.
  • It emphasizes using CISA’s Protective DNS service for all outgoing DNS resolution, in accordance with M-22-09 and 6 U.S.C. § 663 Note, Agency Responsibilities.
  • The guidelines assist agency network professionals in leveraging cutting-edge technology tools to safeguard DNS infrastructure.
  • OMB’s Memorandum M-22-09, issued on January 26, 2022, supports Executive Order 14028, “Improving the Nation’s Cybersecurity,” by requiring all DNS traffic within FCEB agencies to be encrypted by FY24.
  • The guidance outlines a checklist for agency implementation, detailing essential rules and recommended methods for encrypting DNS data and utilizing CISA’s Protective DNS for upstream DNS resolution.

Phased Implementation:

  • Given the complexity of transitioning to encrypted DNS, the guidance recommends a phased approach, including steps such as adopting Protective DNS, blocking unauthorized DNS traffic, and encrypting DNS traffic for both roaming and on-premises endpoints.

Technical Instructions:

  • The document provides thorough technical instructions on utilizing CISA’s Protective DNS service and implementing encrypted DNS protocols such as DNS-over-HTTPS, DNS-over-TLS, and DNS-over-QUIC.
  • It discusses how Protective DNS can prevent endpoints from resolving malicious names.
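As an added illustration of the “block unauthorized DNS traffic” phase and the three encrypted transports mentioned above (example code written for this page, not part of the CISA guidance or the original article), the Python snippet below sorts constructed firewall flow records into what a resolver-egress policy would allow, tolerate during rollout, or block. The approved resolver addresses and the key=value log format are assumed placeholders.

```python
# Placeholder addresses standing in for the agency's Protective DNS service
# endpoints (documentation-range IPs); substitute the real resolver list.
APPROVED_RESOLVERS = {"192.0.2.53", "198.51.100.53"}
PLAINTEXT_PORT = 53   # classic DNS over UDP/TCP
DOT_DOQ_PORT = 853    # DNS-over-TLS (tcp) and DNS-over-QUIC (udp)
DOH_PORT = 443        # DNS-over-HTTPS shares this port with ordinary HTTPS

def parse_flow(line: str) -> dict:
    """Parse a constructed 'key=value' firewall log line such as
    'src=10.0.0.5 dst=192.0.2.53 proto=udp dport=53'."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return {"src": f["src"], "dst": f["dst"],
            "proto": f["proto"].lower(), "dport": int(f["dport"])}

def classify(flow: dict) -> str:
    """Verdict for one flow: allow, phase-out, block or not-dns."""
    approved = flow["dst"] in APPROVED_RESOLVERS
    if flow["dport"] == PLAINTEXT_PORT:
        # Plaintext DNS to the approved resolver is tolerated only until the
        # encryption phase completes; to any other host it bypasses Protective DNS.
        return "phase-out" if approved else "block"
    if flow["dport"] == DOT_DOQ_PORT:
        return "allow" if approved else "block"
    if flow["dport"] == DOH_PORT and approved:
        return "allow"
    # Port 443 to an unknown host is indistinguishable from web traffic at the
    # flow level, so unapproved DoH has to be enforced on the endpoint instead
    # (the browser/OS settings the guidance's Appendix A covers).
    return "not-dns"

def audit(lines):
    """Map each verdict to the log lines that received it."""
    report = {}
    for line in lines:
        report.setdefault(classify(parse_flow(line)), []).append(line)
    return report

# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = [
    "src=10.0.0.5 dst=192.0.2.53 proto=udp dport=53",
    "src=10.0.0.6 dst=203.0.113.9 proto=udp dport=53",
    "src=10.0.0.7 dst=192.0.2.53 proto=tcp dport=853",
    "src=10.0.0.8 dst=203.0.113.10 proto=udp dport=853",
    "src=10.0.0.9 dst=192.0.2.53 proto=tcp dport=443",
    "src=10.0.0.9 dst=203.0.113.80 proto=tcp dport=443",
]
if __name__ == "__main__":
    for verdict, flows in audit(SAMPLE_LOG).items():
        print(f"{verdict}: {len(flows)} flow(s)")
```

The "phase-out" bucket is what shrinks as the encryption phase progresses, while anything in "block" is a resolver bypass regardless of whether the transport is encrypted.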

Vendor-specific Implementation Advice:

  • Implementation advice tailored to various vendors, including web browsers, operating systems, and DNS servers, is included in Appendix A. This section offers precise instructions on configuring popular platforms to handle encrypted DNS protocols.

Source: cybersecuritynews.com

Peter Tolan is a Junior Content Editor for the HIPTHER network, where he has quickly established himself as a versatile voice in the global iGaming and technology sectors. Operating across the network's specialized platforms, Peter leverages a deep understanding of the European and American gaming landscapes to deliver high-impact, B2B intelligence. He is a key contributor to the "Evolution" side of the industry, specializing in the analysis of online gaming trends, the fast-paced world of esports, and the integration of deep-tech innovations. With a sharp eye for emerging technologies, Peter ensures that the HIPTHER community remains at the forefront of the global digital revolution.