800-53|SI-8

Title

SPAM PROTECTION

Description

The organization:

Supplemental

Information system entry and exit points include, for example, firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, mobile devices, and notebook/laptop computers. Spam can be transported by different means including, for example, electronic mail, electronic mail attachments, and web accesses. Spam protection mechanisms include, for example, signature definitions.

Reference Item Details

Related: AT-2,AT-3,SC-5,SC-7,SI-3

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.4 Ensure mounting of freevxfs filesystems is disabledUnixCIS Amazon Linux 2023 Server L1 v1.0.0
1.1.4.1.3 Ensure 'Consistent Mime Handling' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.12 Ensure 'Restrict File Download' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
1.7 Ensure 'Nonexistent recipients' is set to 'True'WindowsCIS Microsoft Exchange Server 2019 L1 Edge v1.0.0
1.8 Ensure 'Attachment Filtering Agent' is configuredWindowsCIS Microsoft Exchange Server 2019 L1 Edge v1.0.0
1.11 Ensure 'Exchange recipient filter' is set to 'True'WindowsCIS Microsoft Exchange Server 2019 L1 Edge v1.0.0
1.19 Ensure 'Enable third party software injection blocking' is set to 'Enabled'WindowsCIS Google Chrome L1 v3.0.0
1.21 Ensure 'Ephemeral profile' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.22 Ensure 'Import autofill form data from default browser on first run' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.23 Ensure 'Import of homepage from default browser on first run' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.24 Ensure 'Import search engines from default browser on first run' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.29 Ensure 'URLs for which local IPs are exposed in WebRTC ICE candidates' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.81 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled'WindowsCIS Microsoft Edge v3.0.0 L1
2.1 Alter the Advertised server.info StringUnixCIS Apache Tomcat 10 L2 v1.1.0
2.1 Alter the Advertised server.info StringUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
2.1.2 Ensure the Common Attachment Types Filter is enabledmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v3.1.0
2.1.4 Ensure Safe Attachments policy is enabledmicrosoft_azureCIS Microsoft 365 Foundations E5 L2 v3.1.0
2.1.5 Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabledmicrosoft_azureCIS Microsoft 365 Foundations E5 L2 v3.1.0
2.1.7 Ensure that an anti-phishing policy has been createdmicrosoft_azureCIS Microsoft 365 Foundations E5 L1 v3.1.0
2.1.14 Ensure comprehensive attachment filtering is appliedmicrosoft_azureCIS Microsoft 365 Foundations E3 L2 v3.1.0
2.2 Alter the Advertised server.number StringUnixCIS Apache Tomcat 10 L2 v1.1.0
2.2 Alter the Advertised server.number StringUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
2.3 Alter the Advertised server.built DateUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
2.3 Alter the Advertised server.built DateUnixCIS Apache Tomcat 10 L2 v1.1.0
2.3.5 Ensure 'Block third-party storage partitioning for these origins' Is ConfiguredWindowsCIS Google Chrome L1 v3.0.0
2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all ConnectorsUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all ConnectorsUnixCIS Apache Tomcat 10 L2 v1.1.0
2.4.1 Ensure Priority account protection is enabled and configuredmicrosoft_azureCIS Microsoft 365 Foundations E5 L1 v3.1.0
2.4.2 Ensure Priority accounts have 'Strict protection' presets appliedmicrosoft_azureCIS Microsoft 365 Foundations E5 L1 v3.1.0
2.5 Disable client facing Stack TracesUnixCIS Apache Tomcat 10 L1 v1.1.0
2.5 Disable client facing Stack TracesUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
2.5.1.5.1 Ensure 'Automatically download attachments' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.5.1.5.2 Ensure 'Do not include Internet Calendar integration in Outlook' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.5.1.6.1 Ensure 'Download full text of articles as HTML attachments' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.5.14.3.1.1 Ensure 'Allow users to demote attachments to Level 2' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.5.14.3.1.2 Ensure 'Display Level 1 attachments' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.5.14.3.1.3 Ensure 'Do not prompt about Level 1 attachments when closing an item' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.5.14.3.1.4 Ensure 'Do not prompt about Level 1 attachments when sending an item' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.5.14.3.1.5 Ensure 'Remove file extensions blocked as Level 1' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.5.14.3.1.6 Ensure 'Remove file extensions blocked as Level 2' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.5.14.4.1 Ensure 'Allow hyperlinks in suspected phishing e-mail messages' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.10.1 Ensure 'Allow automatic sign-in to Microsoft cloud identity providers' Is EnabledWindowsCIS Google Chrome L1 v3.0.0
2.21 Ensure 'Allow reporting of domain reliability related data' Is DisabledWindowsCIS Google Chrome L1 v3.0.0
2.26 Ensure 'Enable Google Search Side Panel' Is DisabledWindowsCIS Google Chrome L1 v3.0.0
2.30 Ensure 'Enable Renderer App Container' Is EnabledWindowsCIS Google Chrome L1 v3.0.0
10.15 Do not resolve hosts on logging valvesUnixCIS Apache Tomcat 10 L2 v1.1.0
10.15 Do not resolve hosts on logging valvesUnixCIS Apache Tomcat 9 L2 v1.2.0
10.15 Do not resolve hosts on logging valvesUnixCIS Apache Tomcat 9 L2 v1.2.0 Middleware
10.15 Do not resolve hosts on logging valvesUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
10.15 Do not resolve hosts on logging valvesUnixCIS Apache Tomcat 10.1 v1.0.0 L2