Back to Control Explorer



Control Acronym



System And Communications Protection

CMMC Level


800-171 Control #


CMMC Description

Utilize threat intelligence to proactively block DNS requests from reaching malicious domains.

CMMC Clarification

As part of collecting threat intelligence from a variety of sources such as government, industry peer organizations, or commercial services, use the known, bad domain names to feed security mechanisms (e.g., DNS servers or firewalls). Implement checks in the organization’s system to ensure devices making DNS calls to malicious sites are blocked from getting to those sites. This practice explicitly requires the use of threat intelligence in its application. This differs from the DNS filtering in practice SC.3.192 that allows for other means of creating the filters. Example You are responsible for network security for your organization and participate in the National Defense Information Sharing and Analysis Center (ND-ISAC) working groups. You subscribe to automated feeds from ND-ISAC and electronic sharing with your peers to learn about new malware sites and update your DNS server to black hole access to them.

800-171 Description

800-171 Discussion


Other Source Discussion

CMMC Threat intelligence can provide information on known, bad domain names. Using that information to prevent access by blocking DNS requests for those domains is one way to prevent an organization from being attacked with watering hole attacks or malicious downloads.

CIS Control References

NIST 800-53 Control Ref.

CMMC Derived

NIST CSF Control References

NIST 800-171 References

Applicable FAR Clause

NIST CSF Control Reference

CERT RMM Reference

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference


Assessment Sub-Criteria 1

Assessment Sub-Criteria 2

Assessment Sub-Criteria 3

Assessment Sub-Criteria 4

Assessment Sub-Criteria 5

Assessment Sub-Criteria 6

Assessment Sub-Criteria 7

Assessment Sub-Criteria 8

Assessment Sub-Criteria 9

Assessment Sub-Criteria 10

Assessment Sub-Criteria 11

Assessment Sub-Criteria 12

Assessment Sub-Criteria 13

Assessment Sub-Criteria 14

Assessment Sub-Criteria 15