This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization centrally manages spam protection mechanisms.
NIST 800-53 (r4) Supplemental Guidance:
Central management is the organization-wide management and implementation of spam protection mechanisms. Central management includes planning, implementing, assessing, authorizing, and monitoring the organization-defined, centrally managed spam protection security controls. Related controls: AU-3, SI-2, SI-7.
NIST 800-53 (r5) Discussion:
[Withdrawn: Incorporated into PL-9.]
38North Guidance:
Meets Minimum Requirement:
If the system will allow inbound email, the CSP should centrally manage spam protection mechanisms.
This control is not applicable if the system does not accept any inbound email and there are no email servers or components within the scope of the system that are able to carry a spam payload.
Best Practice: None
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Central mechanisms supporting and/or implementing spam protection.
If marked N/A, the 3PAO will inspect the information system, firewall rulesets, etc. to confirm that the cloud service offering does not allow inbound email.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD