MS.EXO.3.1v1 - DKIM SHOULD be enabled for all domains.

Information

An adversary may modify the `FROM` field of an email such that it appears to be a legitimate email sent by an agency, facilitating phishing attacks. Enabling DKIM is another means for recipients to detect spoofed emails and verify the integrity of email content.

Solution

1. To enable DKIM, follow the instructions listed on [Steps to Create, enable and disable DKIM from Microsoft 365 Defender portal \| Microsoft Learn](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dkim-configure?view=o365-worldwide#steps-to-create-enable-and-disable-dkim-from-microsoft-365-defender-portal).

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-4, 800-53|CA-7, 800-53|CM-2, 800-53|CM-6, 800-53|IA-9, 800-53|SC-7, 800-53|SC-20, 800-53|SC-44, 800-53|SI-2, 800-53|SI-3, 800-53|SI-4, 800-53|SI-8

Plugin: microsoft_azure

Control ID: 12b5800bd6bd3d6ed03c5f84ce83a05e474c11e27e352fdd9458877fe3aafadb