• Tenable
  • Audits
  • Settings
    Links
    Tenable Cloud Tenable Community & Support Tenable University
    Theme
  • Tenable
  • Plugins
  • Overview
  • Plugins Pipeline
  • Newest
  • Updated
  • Search
  • Nessus Families
  • WAS Families
  • NNM Families
  • LCE Families
  • Tenable OT Security Families
  • About Plugin Families
  • Release Notes
  • Audits
  • Overview
  • Newest
  • Updated
  • Search Audit Files
  • Search Items
  • References
  • Authorities
  • Documentation
  • Download All Audit Files
  • Indicators
  • Overview
  • Search
  • Indicators of Attack
  • Indicators of Exposure
  • CVEs
  • Overview
  • Newest
  • Updated
  • Search
  • Attack Path Techniques
  • Overview
  • Search
    • Links
    • Tenable Cloud
    • Tenable Community & Support
    • Tenable University
    • Settings
    • Theme
Detections
  • Plugins
  • Overview
  • Plugins Pipeline
  • Release Notes
  • Newest
  • Updated
  • Search
  • Nessus Families
  • WAS Families
  • NNM Families
  • LCE Families
  • Tenable OT Security Families
  • About Plugin Families
  • Audits
  • Overview
  • Newest
  • Updated
  • Search Audit Files
  • Search Items
  • References
  • Authorities
  • Documentation
  • Download All Audit Files
  • Indicators
  • Overview
  • Search
  • Indicators of Attack
  • Indicators of Exposure
Analytics
  • CVEs
  • Overview
  • Newest
  • Updated
  • Search
  • Attack Path Techniques
  • Overview
  • Search
  1. Audits
  2. References
  3. CSCv7
  4. 7.7
  1. CSCv7

CSCv7|7.7

Title

Use of DNS Filtering Services

Description

Use DNS filtering services to help block access to known malicious domains.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Email and Web Browser Protections

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.22.1 (L1) Ensure 'Cryptomining' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.4 Use Secure Upstream Caching DNS ServersUnixCIS BIND DNS v1.0.0 L2 Caching Only Name Server
1.81 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled'WindowsCIS Microsoft Edge v3.0.0 L1
6.25 Ensure that 'DNS Policies' is configured on Anti-Spyware profiles if 'DNS Security' license is availablePalo_AltoCIS Palo Alto Firewall 11 v1.1.0 L1
6.25 Ensure that 'DNS Policies' is configured on Anti-Spyware profiles if 'DNS Security' license is availablePalo_AltoCIS Palo Alto Firewall 10 v1.2.0 L1
8.4 Ensure ETag Response Header Fields Do Not Include InodesUnixCIS Apache HTTP Server 2.4 v2.2.0 L2
10.15 Do not resolve hosts on logging valvesUnixCIS Apache Tomcat 10.1 v1.1.0 L2
10.15 Do not resolve hosts on logging valvesUnixCIS Apache Tomcat 11 v1.0.0 L2
CIS Control 7 (7.7) Use of DNS Filtering ServicesUnixCAS Implementation Group 1 Audit File
  • Tenable.com
  • Community & Support
  • Documentation
  • Education
  • © 2025 Tenable®, Inc. All Rights Reserved
  • Privacy Policy
  • Legal
  • 508 Compliance