SI.3.218

Control Acronym

SI

Family

System And Information Integrity

CMMC Level

3

800-171 Control #

N/A

CMMC Description

Employ spam protection mechanisms at information system access entry and exit points.

CMMC Clarification

Spam filters should be applied on email that is inbound (coming into the organization) or outbound (leaving the organization). Inbound filters can protect the organization’s users from spam originating on the internet. Outbound protection helps the organization identify the origins of potential spam on their own network. Without this, an organization risks having its email server blacklisted for sending spam emails. Example As the email administrator for your company, you notice a significant increase in the amount of spam entering your network year after year. You want to implement a spam filtering capability to meet these two goals: * reduce the number of unsolicited email to your user’s inboxes * block potentially harmful email, including phishing emails and attachments, from reaching end users. You create a spam mailbox where users can forward spam emails that make it through the filter. You periodically review the spam mailbox emails and use them to improve the spam filter rules to better block spam in the future. You are also concerned that, without adding outbound spam protections, your organization’s email servers could be blacklisted. Because of this, you implement outbound protections that allow you to trace potential spam email originating on your network to a specific user and machine.

800-171 Description

800-171 Discussion

N/A

Other Source Discussion

CMMC Spam filtering is used to protect against unwanted, unsolicited, and often harmful emails from reaching end user mailboxes. Spam filters are applied on inbound and outbound emails. Spam filtering helps protect your network from phishing and emails containing viruses and other malicious content. Spam filtering can also be used to mark email as potential spam to caution users reading the email and clicking on links within the email. Information system entry and exit points include, for example, firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, mobile devices, and notebook/laptop computers.

CIS Control References

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 SI-8

CMMC Derived

CMMC

NIST CSF Control References

NIST 800-171 References

Applicable FAR Clause

NIST CSF Control Reference

CERT RMM Reference

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference

Assessment Sub-Criteria 1

SI.3.218.[a] the organization employs spam protection mechanisms at information system entry points to detect unsolicited messages;

Assessment Sub-Criteria 2

SI.3.218.[b] the organization employs spam protection mechanisms at information system entry points to take organizationally defined actions on unsolicited messages;

Assessment Sub-Criteria 3

SI.3.218.[c] the organization employs spam protection mechanisms at information system exit points to detect unsolicited messages;

Assessment Sub-Criteria 4

SI.3.218.[d] the organization employs spam protection mechanisms at information system exit points to take organizationally defined actions on unsolicited messages; and

Assessment Sub-Criteria 5

SI.3.218.[e] the organization updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

Assessment Sub-Criteria 6

Assessment Sub-Criteria 7

Assessment Sub-Criteria 8

Assessment Sub-Criteria 9

Assessment Sub-Criteria 10

Assessment Sub-Criteria 11

Assessment Sub-Criteria 12

Assessment Sub-Criteria 13

Assessment Sub-Criteria 14

Assessment Sub-Criteria 15