SI-8: Spam Protection

CSF v1.1 References:

Baselines:

  • Low

    N/A

  • Moderate
  • High
  • Privacy

    N/A

Previous Version:

Control Statement

  1. Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and
  2. Update spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

Supplemental Guidance

System entry and exit points include firewalls, remote-access servers, electronic mail servers, web servers, proxy servers, workstations, notebook computers, and mobile devices. Spam can be transported by different means, including email, email attachments, and web accesses. Spam protection mechanisms include signature definitions.

Control Enhancements

SI-8(2): Automatic Updates

Baseline(s):

  • Moderate
  • High

Automatically update spam protection mechanisms [Assignment: organization-defined frequency].

SI-8(3): Continuous Learning Capability

Baseline(s):

(Not part of any baseline)

Implement spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic.