MS.EXO.10.3v1 - Email scanning SHALL be capable of reviewing emails after delivery.

Information

As known malware signatures are updated, it is possible for an email to be retroactively identified as containing malware after delivery. By scanning emails, the number of malware-infected in users' mailboxes can be reduced.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Any product meeting the requirements outlined in this baseline policy may be used. If the agency uses Microsoft Defender, see the following implementation steps for [enabling preset security policies](https://github.com/cisagov/ScubaGear/tree/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#implementation), which include zero-hour auto purge (ZAP) to retroactively detect malware in messages already delivered to mailboxes and removes them.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-4, 800-53|CA-7, 800-53|CM-2, 800-53|CM-6, 800-53|IA-9, 800-53|SC-7, 800-53|SC-20, 800-53|SC-44, 800-53|SI-3, 800-53|SI-4, 800-53|SI-8

Plugin: microsoft_azure

Control ID: a979fe09f2d9d2d64d2ee6db6af9a8bdfe6c9b2e5a3e791d35f69b23905e1efa