Essential Cybersecurity Controls (ECC – 2 : 2024) 2-4-3 Requirement:
- The cybersecurity requirements for protecting the email service must include at the least the following:
- Analyzing and filtering email messages (specifically phishing emails and spam) using advanced and up-to-date email protection techniques.
- Multi-factor authentication for remote and webmail access to email service, defining authentication factors, number of factors and suitable technique based on the result of impact assessment of authentication failure and bypass.
- Email archiving and backup.
- Secure management and protection against Advanced Persistent Threats (APT), which normally utilize zero-day viruses and malware.
- Validation of the organization's email service domains through Haseen platform by using Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain Message Authentication Reporting and Conformance (DMARC).
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.