System And Information Integrity
Employ spam protection mechanisms at information system access entry and exit points.
Spam filters should be applied on email that is inbound (coming into the organization) or outbound (leaving the organization). Inbound filters can protect the organization’s users from spam originating on the internet. Outbound protection helps the organization identify the origins of potential spam on their own network. Without this, an organization risks having its email server blacklisted for sending spam emails. Example As the email administrator for your company, you notice a significant increase in the amount of spam entering your network year after year. You want to implement a spam filtering capability to meet these two goals: * reduce the number of unsolicited email to your user’s inboxes * block potentially harmful email, including phishing emails and attachments, from reaching end users. You create a spam mailbox where users can forward spam emails that make it through the filter. You periodically review the spam mailbox emails and use them to improve the spam filter rules to better block spam in the future. You are also concerned that, without adding outbound spam protections, your organization’s email servers could be blacklisted. Because of this, you implement outbound protections that allow you to trace potential spam email originating on your network to a specific user and machine.
CMMC Spam filtering is used to protect against unwanted, unsolicited, and often harmful emails from reaching end user mailboxes. Spam filters are applied on inbound and outbound emails. Spam filtering helps protect your network from phishing and emails containing viruses and other malicious content. Spam filtering can also be used to mark email as potential spam to caution users reading the email and clicking on links within the email. Information system entry and exit points include, for example, firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, mobile devices, and notebook/laptop computers.
NIST SP 800-53 Rev 4 SI-8
SI.3.218.[a] the organization employs spam protection mechanisms at information system entry points to detect unsolicited messages;
SI.3.218.[b] the organization employs spam protection mechanisms at information system entry points to take organizationally defined actions on unsolicited messages;
SI.3.218.[c] the organization employs spam protection mechanisms at information system exit points to detect unsolicited messages;
SI.3.218.[d] the organization employs spam protection mechanisms at information system exit points to take organizationally defined actions on unsolicited messages; and
SI.3.218.[e] the organization updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.