CMMC SI.3.218 - Employ Spam Protections

Requirement text: SI.3.218: Employ spam protection mechanisms at information system access entry
and exit points.

DISCUSSION FROM SOURCE: CMMC
Spam filtering is used to protect against unwanted, unsolicited, and often harmful emails
from reaching end user mailboxes. Spam filters are applied on inbound and outbound
emails. Spam filtering helps protect your network from phishing and emails containing
viruses and other malicious content. Spam filtering can also be used to mark email as
potential spam to caution users reading the email and clicking on links within the email.
Information system entry and exit points include, for example, firewalls, electronic mail
servers, web servers, proxy servers, remote-access servers, workstations, mobile devices,
and notebook/laptop computers.

CMMC CLARIFICATION
Spam filters should be applied on email that is inbound (coming into the organization) or
outbound (leaving the organization). Inbound filters can protect the organization’s users
from spam originating on the internet. Outbound protection helps the organization identify
the origins of potential spam on their own network. Without this, an organization risks
having its email server blacklisted for sending spam emails.

Example
As the email administrator for your company, you notice a significant increase in the amount
of spam entering your network year after year. You want to implement a spam filtering
capability to meet these two goals:
      • reduce the number of unsolicited emails reaching your users’ inboxes; and
      • block potentially harmful email, including phishing emails and attachments, from
        reaching end users.

You create a spam mailbox where users can forward spam emails that make it through the
filter. You periodically review the spam mailbox emails and use them to improve the spam
filter rules to better block spam in the future.

You are also concerned that, without adding outbound spam protections, your organization’s
email servers could be blacklisted. Because of this, you implement outbound protections
that allow you to trace potential spam email originating on your network to a specific user
and machine.
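
One way to do the outbound tracing described above, shown as an added example that is not part of the CMMC text: group authenticated submissions in the mail server log by user and workstation, then flag any source that sends a burst of messages. It assumes Postfix-style smtpd log lines with RFC 3339 timestamps; the host names, addresses, threshold and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real data): Postfix smtpd lines with RFC 3339 timestamps.
SAMPLE_LOG = """\
2024-03-03T09:00:01+00:00 mx1 postfix/smtpd[2101]: 4A1B2C3D01: client=ws-017.corp.example[10.20.0.17], sasl_method=PLAIN, sasl_username=alice
2024-03-03T09:41:10+00:00 mx1 postfix/smtpd[2107]: 4A1B2C3D02: client=ws-017.corp.example[10.20.0.17], sasl_method=PLAIN, sasl_username=alice
2024-03-03T10:15:00+00:00 mx1 postfix/smtpd[2110]: 4A1B2C3D03: client=ws-042.corp.example[10.20.0.42], sasl_method=PLAIN, sasl_username=bob
2024-03-03T10:15:04+00:00 mx1 postfix/smtpd[2110]: 4A1B2C3D04: client=ws-042.corp.example[10.20.0.42], sasl_method=PLAIN, sasl_username=bob
2024-03-03T10:15:08+00:00 mx1 postfix/smtpd[2110]: 4A1B2C3D05: client=ws-042.corp.example[10.20.0.42], sasl_method=PLAIN, sasl_username=bob
2024-03-03T10:15:12+00:00 mx1 postfix/smtpd[2110]: 4A1B2C3D06: client=ws-042.corp.example[10.20.0.42], sasl_method=PLAIN, sasl_username=bob
2024-03-03T10:15:16+00:00 mx1 postfix/smtpd[2110]: 4A1B2C3D07: client=ws-042.corp.example[10.20.0.42], sasl_method=PLAIN, sasl_username=bob
2024-03-03T10:16:00+00:00 mx1 postfix/smtpd[2120]: 4A1B2C3D08: client=mail.partner.example[203.0.113.9]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=\S+, sasl_username=(?P<user>\S+)$"
)

def attribute(log_text):
    """Group authenticated submissions by (user, host, ip); other lines are skipped."""
    sources = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            key = (m["user"], m["host"], m["ip"])
            sources[key].append(datetime.fromisoformat(m["ts"]))
    return dict(sources)

def flag_bursts(sources, limit=3, window=timedelta(minutes=1)):
    """Return {source: peak} where the peak count in any sliding window exceeds limit."""
    flagged = {}
    for src, stamps in sources.items():
        stamps = sorted(stamps)
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # shrink the window from the left
                start += 1
            peak = max(peak, end - start + 1)
        if peak > limit:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for (user, host, ip), peak in flag_bursts(attribute(SAMPLE_LOG)).items():
        print(f"{user} on {host} [{ip}]: {peak} messages within one minute")
```

The line without a sasl_username (an unauthenticated connection) is ignored, so only mail submitted by the organization's own users is counted.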

References
• CMMC
• NIST SP 800-53 Rev 4 SI-8