The Center for Internet Security Controls or CISControls have become an industry standard to help businesses and organizations of all sizes to maintain an industry standard of Cybersecurity controls.

Safeguard 4.9 requires you to configure trusted DNS Servers on your assets.

The DNS (Domain Name System) plays a critical role while directing web traffic. If you wanted to go to LinkedIn.com, DNS takes the domain name and returns the IP address that is associated with the name so that you're browser takes you to the correct page.

Not all DNS servers are created equal. Using an untrustworthy or unknown DNS server exposes you to risk including malware and phishing attacks. Some public wifi networks will require you to use their specified DNS server, so a VPN may be required if you're doing a lot of secure surfing on public networks.

Sure we all can use Google's free 8.8.8.8 or 8.8.4.4, Comcast's 75.75.75.75 or 75.75.76.76, but when protecting your business paid DNS services give you an edge and some functionality you won't get with a free solution.

Cisco Umbrella, TitanHQ, Zscaler, DNSFilter are some of the solutions that can provide you secure and trusted DNS solutions that can work both in and out of your office for today's modern workforce.

The bottom line here is when someone types in Microsoft.com we want them to find Microsoft.com and be secure in knowing their credentials are going to the correct place. DNS hijacking is a form of DNS attack where an attacker manipulates how DNS queries are resolved and redirect end users to their malicious websites over the legitimate sites.

So while this Safeguard is only required for IG2 and IG3 adding a solution that can protect users against this threat is an easy add on that works wherever the user is working.