Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-4-1

Cybersecurity Requirements For Protecting Email Service Must Be Defined, Documented And Approved.
View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-4-2

The Cybersecurity Requirements For Email Service Must Be Implemented.
View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-4-3

  1. The cybersecurity requirements for protecting the email service must include at the least the following:
    1. Analyzing and filtering email messages (specifically phishing emails and spam) using advanced and up-to-date email protection techniques.
    2. Multi-factor authentication for remote and webmail access to email service, defining authentication factors, number of factors and suitable technique based on the result of impact assessment of authentication failure and bypass.
    3. Email archiving and backup.
    4. Secure management and protection against Advanced Persistent Threats (APT), which normally utilize zero-day viruses and malware.
    5. Validation of the organization's email service domains through Haseen platform by using Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain Message Authentication Reporting and Conformance (DMARC).
View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-4-4

The Cybersecurity Requirements For Email Service Must Be Reviewed Periodically.
View Requirement