
Requirement:

The cybersecurity requirements for protecting the email service must include at least the following:

Sub-Controls:

2-4-3-1:
Requirement:
Analyzing and filtering email messages (specifically phishing emails and spam) using advanced and up-to-date email protection techniques.
Control Implementation Guidelines:
  • Define and document the requirements of this ECC control within the organization's cybersecurity requirements for email security; the document must be approved by the representative
  • Define and provide advanced technologies to analyze and filter the organization's email
  • Enable the analysis and filtering features of the email protection system through its management dashboard
  • Have the team responsible for email protection periodically review, through the system, the list of suspicious emails (phishing messages, spam messages, etc.)
  • Continuously add new email-related indicators of compromise to the protection system
Expected Deliverables:
  • A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
  • Screenshot or direct example showing subscription to and use of modern and advanced technologies for analyzing and filtering email in the organization
  • Screenshot or direct example of the email configuration proving that the email analysis and filtering feature, covering phishing and spam emails, is enabled
2-4-3-2:
Requirement:
Multi-factor authentication for remote and webmail access to the email service, with the authentication factors, the number of factors and the suitable technique defined based on the result of an impact assessment of authentication failure and bypass.
Control Implementation Guidelines:
  • Define and document the requirements of this ECC control within the organization's cybersecurity requirements for email security; the document must be approved by the representative
  • Enable multi-factor authentication for remote access and for access to the organization's webmail using, but not limited to, one of the following methods:
    • Text messages sent to the phone number linked to the email user's account
    • Advanced and reliable multi-factor authentication applications
    • Mobile device management applications, so that the enrolled user device serves as an additional access factor for protocols (such as EWS and Outlook Anywhere) that do not support text messages or authenticator-app verification codes
Expected Deliverables:
  • A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
  • Screenshot or direct example of the email configuration proving that multi-factor authentication is enabled for access through the organization's webmail
  • Screenshot or direct example proving the use of advanced and reliable multi-factor authentication technologies
2-4-3-3:
Requirement:
Email archiving and backup.
Control Implementation Guidelines:
  • Define and document the requirements of this ECC control within the organization's cybersecurity requirements for email security; the document must be approved by the representative
  • Define technologies compatible with the organization's technical systems and infrastructure for backing up and archiving the organization's email
  • Define the retention period for the organization's email backups and archives
  • Perform backups at the level of the organization's email servers
  • Enable archiving for all of the organization's mailboxes
Expected Deliverables:
  • A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
  • Screenshot or direct example showing subscription to and use of modern and advanced technologies for email backup and archiving, together with the approved capacity and retention period
  • Backup reports for the organization's email servers
  • Screenshot or direct example showing that the mailbox archiving feature is enabled
2-4-3-4:
Requirement:
Secure management and protection against Advanced Persistent Threats (APT), which normally utilize zero-day viruses and malware.
Control Implementation Guidelines:
  • Define and document the requirements of this ECC control within the organization's cybersecurity requirements for email security; the document must be approved by the representative
  • Define and provide advanced technologies within the organization to protect email against advanced persistent threats and zero-day malware
  • Enable the advanced persistent threat and zero-day malware protection features in the email protection system
  • Review the list of suspicious emails that the system has filtered because they contained advanced persistent threats or zero-day malware
  • If a suspicious email was not blocked by the protection system, take the necessary measures to protect the recipient's device, and block the associated indicators of compromise
Expected Deliverables:
  • A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
  • Screenshot or direct example showing subscription to and use of modern and advanced email ATP protection technologies in the organization
  • Screenshot or direct example showing the organization's email configuration with ATP protection enabled
2-4-3-5:
Requirement:
Validation of the organization's email service domains through the Haseen platform using Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC).
Control Implementation Guidelines:
  • Define and document the requirements of this ECC control within the organization's cybersecurity requirements for email security; the document must be approved by the representative
  • Create an SPF record listing the servers authorized to send email for the organization's domain, protecting the organization from the risk of spoofing
  • Create a DKIM record so that all emails sent from the organization's domain carry a digital signature that lets recipients verify their integrity
  • Create a Domain-based Message Authentication, Reporting & Conformance (DMARC) record, which builds on the existing SPF and DKIM authentication techniques to protect the email domain from spoofing attacks
  • Ensure the organization's email domain is linked to the email validation service of the Haseen platform
Expected Deliverables:
  • A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
  • Screenshot showing the configured SPF record, listing the servers authorized to send email for the organization's domain
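The SPF, DKIM and DMARC records called for in 2-4-3-5 are only effective if they are published with strict settings, and the "periodic review" in 2-4-3-1 extends naturally to reviewing them. The following script, added here as an illustration and not taken from the ECC or the Haseen platform, parses the three record types and flags the weak settings a reviewer would look for (an SPF record ending in `+all` or using `ptr`, more than 10 DNS-lookup terms, a DMARC policy of `p=none` or with no `rua` reporting address, a DKIM selector with an empty or missing key). The domain names, records and DKIM key in `SAMPLE_RECORDS` are constructed; a real review would fetch the TXT records from DNS for the organization's domain and selector.

```python
"""Offline review of SPF, DKIM and DMARC records against common weak settings.
The records are constructed samples; a real review reads the TXT records from DNS."""
import re

# Constructed sample data: a well-configured domain and a weakly configured one.
SAMPLE_RECORDS = {
    "example.org": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all",
    "_dmarc.example.org": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.org; pct=100",
    # DKIM public key shortened for readability (constructed, not a real key)
    "sel1._domainkey.example.org": "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC",
    "weak.example": "v=spf1 a mx ptr include:a.example include:b.example +all",
    "_dmarc.weak.example": "v=DMARC1; p=none",
    "sel1._domainkey.weak.example": "v=DKIM1; k=rsa; p=",
}

# SPF terms that cost a DNS lookup; RFC 7208 caps these at 10 per evaluation.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_spf(record):
    """Return a list of (qualifier, term_name, raw_term) or None if not an SPF record."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        return None
    terms = []
    for tok in tokens[1:]:
        qualifier = "+"                      # implicit default qualifier
        if tok[0] in "+-~?":
            qualifier, tok = tok[0], tok[1:]
        name = re.split(r"[:/=]", tok, maxsplit=1)[0].lower()
        terms.append((qualifier, name, tok))
    return terms

def assess_spf(record):
    """Flag SPF settings that let unauthorized senders pass or break evaluation."""
    terms = parse_spf(record)
    if terms is None:
        return ["SPF: no valid v=spf1 record"]
    findings = []
    lookups = sum(1 for _, name, _ in terms if name in SPF_LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    if any(name == "ptr" for _, name, _ in terms):
        findings.append("SPF: 'ptr' mechanism is deprecated; replace it with ip4/ip6 entries")
    all_quals = [q for q, name, _ in terms if name == "all"]
    if all_quals and all_quals[-1] in "+?":
        findings.append(f"SPF: '{all_quals[-1]}all' lets any host send as the domain; use -all or ~all")
    return findings

def parse_tags(record):
    """Split a 'tag=value; tag=value' list (DMARC and DKIM syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)   # base64 keys may contain '=' padding
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_dmarc(record):
    """Flag DMARC records that only monitor or that give the organization no visibility."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC: no valid v=DMARC1 record"]
    findings = []
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid 'p' policy tag")
    elif policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("DMARC: no 'rua' address, so aggregate failure reports are never received")
    pct = tags.get("pct", "100")
    if pct != "100":
        findings.append(f"DMARC: policy is applied to only {pct}% of messages")
    return findings

def assess_dkim(record):
    """Flag DKIM selector records whose key is missing or revoked."""
    tags = parse_tags(record)
    if not tags:
        return ["DKIM: no record published for this selector"]
    findings = []
    if not tags.get("p"):
        findings.append("DKIM: empty 'p' tag means the key is revoked; signatures will not verify")
    return findings

def review_domain(domain, records, selector="sel1"):
    """Assess one domain's SPF, DMARC and DKIM records; returns {check: [findings]}."""
    return {
        "spf": assess_spf(records.get(domain, "")),
        "dmarc": assess_dmarc(records.get(f"_dmarc.{domain}", "")),
        "dkim": assess_dkim(records.get(f"{selector}._domainkey.{domain}", "")),
    }

if __name__ == "__main__":
    for domain in ("example.org", "weak.example"):
        for check, findings in review_domain(domain, SAMPLE_RECORDS).items():
            print(f"{domain:14} {check:6} {'OK' if not findings else '; '.join(findings)}")
```

Running the script prints no findings for `example.org` and five for `weak.example`. The checks are deliberately conservative: they do not resolve `include:` or `redirect=` targets, so the lookup count is a lower bound, and a clean result only means the published records are not obviously weak, not that the Haseen validation itself has passed.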
 
