SI-8: Spam Protection

CSF v1.1 References:


Next Version:

Control Statement

The organization:

  1. Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and
  2. Updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

Supplemental Guidance

Information system entry and exit points include, for example, firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, mobile devices, and notebook/laptop computers. Spam can be transported by different means including, for example, electronic mail, electronic mail attachments, and web accesses. Spam protection mechanisms include, for example, signature definitions.

Control Enhancements

SI-8(3): Continuous Learning Capability


(Not part of any baseline)

The information system implements spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic.