Requirement:
The cybersecurity requirements for email service must be implemented.
Control Implementation Guidelines:
- Email protection cybersecurity requirements in the organization must be implemented, including:
- Approved cybersecurity requirements must be implemented to protect the organization's email, including but not limited to the use of appropriate and advanced technologies to analyze and filter emails
- Advanced technologies must be used to protect the organization's email from phishing emails and spam messages, including but not limited to the presence of an official and effective subscription with email protection service providers
- Email access must be through an intermediary, including but not limited to Load balancer
Expected Deliverables:
- An action plan to implement Email protection cybersecurity requirements at the organization
- Email protection controls in the organization must be implemented, including but not limited to:
- Advanced email protection and filtering technologies must be used by the organization to block suspicious messages, such as spam and phishing emails
- Antivirus solutions must be configured to email servers in order to scan all inbound and outbound emails
- Email field of the organization must be documented by using necessary means, such as the Sender Policy Framework, and reliability of incoming mail fields must be ensured through modern technologies such as (Incoming Message DMARC verification)
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.