WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) published Encrypted Domain Name System (DNS) Implementation Guidance for federal civilian agencies to meet requirements related to encryption of DNS traffic and enhance the cybersecurity posture of their IT networks to align with the Office of Management and Budget (OMB) Memorandum M-22-09, “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles,” and the National Cybersecurity Strategy.
Traditionally, the DNS protocol has not supported methods for ensuring the confidentiality, integrity, or authenticity of requests for information or responses. M-22-09 specifically calls for agencies to encrypt DNS traffic where technically feasible, while statutory mandates require agencies to use CISA’s Protective DNS capability for egress DNS resolution. This guide will assist agencies with the implementation of currently feasible technical capabilities for agency networks, DNS infrastructure, on-premises endpoints, cloud deployments, and roaming, nomadic, and mobile endpoints.