SI-08 Spam Protection

System and Information Integrity

Low Moderate High

Description

The information system implements spam protection.

Supplemental Guidance

The organization employs spam protection mechanisms at critical information system entry points (e.g., firewalls, electronic mail servers, remote-access servers) and at workstations, servers, or mobile computing devices on the network. The organization uses the spam protection mechanisms to detect and take appropriate action on unsolicited messages transported by electronic mail, electronic mail attachments, Internet accesses, or other common means. Consideration is given to using spam protection software products from multiple vendors (e.g., using one vendor for boundary devices and servers and another vendor for workstations). NIST Special Publication 800-45 provides guidance on electronic mail security.

Compliance Mappings

ISO 27001:2022

A.8.7

ISO 27002:2022

8.7

CIS Controls v8

CIS 10, CIS 9, CIS 9.5, CIS 9.7

PCI DSS v4.0.1

5.4

BSI IT-Grundschutz

OPS.1.1.4

ANSSI

Hygiene.21, Hygiene.22, SecNumCloud.13.1

FINMA Circular 2023/1

IV.B.d(59), IV.C(64)

OSFI B-13

B-13.3.2, B-13.3.3

EU GDPR

Art.32(1)(b)

EU DORA

Art.9(4)(b)

BIO2

8.7

RBI CSF

Annex1.10, Annex1.14

MLPS 2.0

8.1.3.4

DNB Good Practice

DNB.19.1

NCA ECC

2-4

Qatar NIA

CS

CBE CSF

CTO-8

SA JS2

JS2-8.4

IOSCO Cyber Resilience

DET-3

FFIEC IS

II.C.12

HIPAA Security Rule

§164.308(a)(5)(ii)(B)

SEBI CSCRF

EMAIL-SEC

CMMC 2.0

SI

Lloyd's Minimum Standards

MS8.10

HITRUST CSF v11

09.c

ISO 27799

12.2

NHS DSPT

NDG-9.3, NDG-9.4

ISO 17799 (legacy)

None.

COBIT 4.1 (legacy)

DS5.9