Teaser only. This is not the full article. Complete Type II evidence guide for DNS email controls: SOC2 CC6.6 DNS Monitoring Evidence
Your auditor opens the evidence folder. You hand them a dig screenshot from last month. They ask what happened in March.
Type II reviews operating effectiveness across the whole window, not DNS correctness on audit eve. CC6.6 ties to boundary controls on email infrastructure: enforced DMARC, MTA-STS, access to DNS panels, and proof you caught drift.
A last-minute cleanup does not erase three months at p=none.
```bash
dig _dmarc.example.com TXT +short
```
Look for p=quarantine or p=reject during sample weeks, not just on the final day.
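To check the whole window instead of one day, the same lookup can be stored as dated snapshots and audited afterwards. The script below is an added example, not code from the original post. The function names, the "DATE RECORD" log format, the log file name, and the sample snapshots are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the log
# format "DATE RECORD" and the sample snapshots below are assumptions.

# Append today's DMARC TXT answer to an evidence log (needs network; not run here).
snapshot() {  # usage: snapshot example.com dmarc-evidence.log
  printf '%s %s\n' "$(date -u +%F)" \
    "$(dig "_dmarc.$1" TXT +short | tr '\n' ' ')" >> "$2"
}

# Print the p= tag value of a DMARC record, lowercased; empty if absent.
# Splitting on ';' first keeps sp= and pct= from being mistaken for p=.
dmarc_policy() {
  printf '%s\n' "$1" | tr -d '"' | tr ';' '\n' |
    sed -n 's/^[[:space:]]*p[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' |
    head -n 1 | tr '[:upper:]' '[:lower:]'
}

# Read "DATE RECORD" lines on stdin and print every sample that was not
# enforcing: p=none, an unknown value, or no record returned that day.
unenforced_samples() {
  while read -r us_day us_record; do
    [ -n "$us_day" ] || continue
    us_policy=$(dmarc_policy "$us_record")
    case "$us_policy" in
      quarantine|reject) ;;
      *) printf '%s %s\n' "$us_day" "${us_policy:-missing}" ;;
    esac
  done
}

# Constructed weekly snapshots: two weeks at p=none, one empty answer,
# then enforcement. The last line has sp=none but p=reject.
sample_log() {
  cat <<'EOF'
2025-03-03 "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
2025-03-10 "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
2025-03-17
2025-03-24 "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc@example.com"
2025-03-31 "v=DMARC1; p=Reject; sp=none; rua=mailto:dmarc@example.com"
EOF
}

# Lists the three sample weeks an auditor would question.
sample_log | unenforced_samples
```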
In the full post on zerohook.org:
- CC6.1, CC6.6, and CC7.1 mapping for DNS
- Evidence package auditors accept (vs. Excel screenshots)
- Weekly monitoring cadence for SMB Type II
- Tamper-proof change logs
Read the full guide: SOC2 CC6.6 DNS Monitoring Evidence