Detections
Analytics

CSCv7|7.8

Title

Implement DMARC and Enable Receiver-Side Verification

Description

To lower the chance of spoofed or modified emails from valid domains, implement Domain-based Message Authentication, Reporting and Conformance (DMARC) policy and verification, starting by implementing the Sender Policy Framework (SPF) and the DomainKeys Identified Mail(DKIM) standards.

Reference Item Details

Category: Email and Web Browser Protections

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.1.8 (L1) Ensure that SPF records are published for all Exchange Domainsmicrosoft_azureCIS Microsoft 365 Foundations v4.0.0 L1 E3
2.1.8 (L1) Ensure that SPF records are published for all Exchange Domainsmicrosoft_azureCIS Microsoft 365 Foundations v4.0.0 L1 E5
2.1.9 (L1) Ensure that DKIM is enabled for all Exchange Online Domainsmicrosoft_azureCIS Microsoft 365 Foundations v4.0.0 L1 E5
2.1.9 (L1) Ensure that DKIM is enabled for all Exchange Online Domainsmicrosoft_azureCIS Microsoft 365 Foundations v4.0.0 L1 E3
2.1.10 (L1) Ensure DMARC Records for all Exchange Online domains are publishedmicrosoft_azureCIS Microsoft 365 Foundations v4.0.0 L1 E5
2.1.10 (L1) Ensure DMARC Records for all Exchange Online domains are publishedmicrosoft_azureCIS Microsoft 365 Foundations v4.0.0 L1 E3
7.4 Ensure Either SPF or DKIM DNS Records are ConfiguredUnixCIS BIND DNS v1.0.0 L2 Authoritative Name Server