Куда я попал?
CIS Critical Security Controls v8 (The 18 CIS CSC)
Framework
9.5
Для проведения оценки соответствия по документу войдите в систему.
Список требований
Похожие требования
Guideline for a healthy information system v.2.0 (EN):
24 STRENGTHENED
/STRENGTHENED
Not directly exposing the mailbox servers to the Internet is preferable. In this case, a relay server dedicated to send and receive messages must be implemented in case the Internet is cut off.
While spam - whether malicious or not - accounts for the majority of email exchanges on the Internet, the deployment of an anti-spam service must be able to remove this source of risks.
Finally, the email administrator will ensure the implementation of authenticity verification mechanisms and the correct configuration of public DNS records linked to its email infrastructure (MX, SPF, DKIM, DMARC).
Not directly exposing the mailbox servers to the Internet is preferable. In this case, a relay server dedicated to send and receive messages must be implemented in case the Internet is cut off.
While spam - whether malicious or not - accounts for the majority of email exchanges on the Internet, the deployment of an anti-spam service must be able to remove this source of risks.
Finally, the email administrator will ensure the implementation of authenticity verification mechanisms and the correct configuration of public DNS records linked to its email infrastructure (MX, SPF, DKIM, DMARC).
ГОСТ Р № ИСО/МЭК 27001-2021 от 01.01.2022 "Информационная технология. Методы и средства обеспечения безопасности. Системы менеджмента информационной безопасности. Требования - Приложение А":
A.13.2.3
A.13.2.3 Электронный обмен сообщениями
Мера обеспечения информационной безопасности: Следует обеспечивать соответствующую защиту информации при электронном обмене сообщениями
Мера обеспечения информационной безопасности: Следует обеспечивать соответствующую защиту информации при электронном обмене сообщениями
CIS Critical Security Controls v7.1 (SANS Top 20):
CSC 7.8
CSC 7.8 Implement DMARC and Enable Receiver-Side Verification
To lower the chance of spoofed or modified emails from valid domains, implement Domain-based Message Authentication, Reporting and Conformance (DMARC) policy and verification, starting by implementing the Sender Policy Framework (SPF) and the DomainKeys Identified Mail(DKIM) standards.
To lower the chance of spoofed or modified emails from valid domains, implement Domain-based Message Authentication, Reporting and Conformance (DMARC) policy and verification, starting by implementing the Sender Policy Framework (SPF) and the DomainKeys Identified Mail(DKIM) standards.
Strategies to Mitigate Cyber Security Incidents (EN):
1.14.
Block spoofed emails. Use Sender Policy Framework (SPF) or Sender ID to check incoming emails. Use ‘hard fail’ SPF TXT and DMARC DNS records to mitigate emails that spoof the organisation’s domain.
Relative Security Effectiveness: Very Good | Potential User Resistance: Low | Upfront Cost: Low | Ongoing Maintenance Cost: Low
Relative Security Effectiveness: Very Good | Potential User Resistance: Low | Upfront Cost: Low | Ongoing Maintenance Cost: Low
Связанные защитные меры
Ничего не найдено