The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance on Thursday that aims to help Federal agencies meet requirements related to the encryption of Domain Name System (DNS) traffic and bolster the cybersecurity of their IT networks.
The 35-page document, titled the Encrypted Domain Name System (DNS) Implementation Guidance, looks to align Federal agencies to the Office of Management and Budget’s (OMB) 2022 directive (also known as M-22-09) that calls on Federal agencies to migrate to zero trust security architectures.
The Domain Name System, or DNS, works to translate human-readable domain names (for example, www.meritalk.com) to machine-readable IP addresses. However, CISA explains that traditionally, DNS “has not supported methods for ensuring the confidentiality, integrity, or authenticity of requests for information or the responses.”
Therefore, the CISA guidance calls on Federal agencies to use encrypted DNS traffic where technically feasible – in alignment with OMB’s memo. CISA said implementing encrypted DNS will align agency IT networks with zero trust principles.
“As the operational lead for Federal cybersecurity, CISA developed this guide to assist Federal agencies with understanding and implementing key actions and protocols to begin encrypting DNS traffic,” said Eric Goldstein, executive assistant director for cybersecurity at CISA.
“This guide will help agencies progress further in their zero trust security journey. CISA continues our efforts and collaboration with agencies to modernize Federal agency cybersecurity successfully and securely,” Goldstein added.
The guidance includes a variety of resources for Federal agencies, such as an agency implementation checklist of required changes, recommendations to prioritize phased implementation, and technical guidance and references.
“While this guide is intended for Federal agencies, all organizations are encouraged to review it as a benchmark for appropriate, applicable steps they can apply to advance their own zero trust efforts,” CISA said.
